HIPAA Breach Notification Regulations—Sanctions No Longer Discretionary

On February 22, 2010, the U.S. Department of Health and Human Services (HHS) began enforcing penalties for violations of the breach notification regulations, as announced in the Interim Final Rule found at 74 Fed. Reg. 42,739, 42,757 (Aug. 24, 2009). As most healthcare providers and their attorneys are already aware, the Health Information Technology for Economic and Clinical Health (HITECH) Act resulted in the promulgation of new regulations, effective September 23, 2009, that require covered entities to provide notification to individuals, HHS and, in some instances, media outlets when there is a breach of unsecured protected health information (PHI).

Click the link below to read the full alert.