February 26, 2010 / Law Alert

Government Agencies Enforce HITECH Act Regulations

As of February 22, 2010, the Department of Health and Human Services (“HHS”) began enforcement of data breach notification requirements explained in the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). Enacted as a part of the American Recovery and Reinvestment Act of 2009, the HITECH Act, modifies the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) substantially by, among other things, requiring covered entities to provide notification to individuals whose protected health information has been compromised, used, or disclosed without authorization, or otherwise fails to comply with HIPAA. For more information, see our law alert published August 21, 2009 that provides a general overview of the HITECH Act and its changes to HIPAA.