Foley attorneys Shirley Morrigan, Lisa Acevedo and Aaron Tantleff delivered a West LegalEdcenter presentation titled “HITECH: Complying with the New Security Breach Notification Regulations” on September 16, 2009.
The new Health Information Technology for Economic and Clinical Health Act (HITECH Act), implemented as part of the Federal stimulus package, significantly heightens information privacy and security requirements under HIPAA to spur adoption of interoperable electronic health records by the health care industry. Two of the most critical changes under the HITECH Act are the new security breach notification requirements and the imposition of the HIPAA Security Rule requirements to the vendors of those entities covered under HIPAA, Business Associates. The HITECH Act also imposes a heightened and rigorous enforcement scheme, including increased penalties and expanded governmental enforcement authority directly applicable to health care providers, health plans and Business Associates. Failure to properly comply with the new security breach notification requirements can result in significant exposure to fines, penalties and civil actions by State Attorneys General. Yet properly reported breaches can also result in significant costs. Taking steps to prevent reportable breaches from occurring can help to significantly reduce risk of both governmental enforcement actions and the costs associated with reporting breaches and resulting negative publicity.
The panelists for this program have been involved in counseling clients with regard to the very strict California breach notification requirements (Senate Bill 541), and will include issues raised by that legislation.
Attendees of this web cast learned how to comply with the new security breach notification requirements as well as gained practical guidance on how to protect against reportable breaches.