HIPAA Breach Notification Regulations—Sanctions No Longer Discretionary

AGG Associates Jessica Tobin Grozine and Keith A. Mauriello wrote an article titled, “HIPAA Breach Notification Regulations—Sanctions No Longer Discretionary,” which was published in the March edition of Georgia Health Law Developments, a publication of the Health Law Section of the State Bar of Georgia. On February 22, 2010 the U.S. Department of Health and Human Services (HHS) began enforcing penalties for violations of the breach notification regulations brought about by the Health Information Technology for Economic and Clinical Health Act. The Act requires covered entities to provide notification to individuals, HHS and possibly even media outlets when a breach of unsecured protected health information (PHI) occurs. Although at first glance it may seem easy to comply with the guidance by securing all PHI, in practice it will be challenging and costly. Covered entities, business associates and their counsel must become familiar with the breach notification regulations, as the HHS’s grace period has come to pass, and it is time to make certain the breach notification regulations are being followed. To read the full article, please click here.