HITECH Act Breach Notification Guidance: What Renders PHI Unusable, Unreadable or Indecipherable For Purposes of Breach Notification?
On April 17, 2009, the U.S. Department of Health & Human Services (HHS) issued guidance on the technology requirements to render protected health information (PHI) “unusable, unreadable or indecipherable to unauthorized individuals, as required by the Health Information Technology for Economic and Clinical Health Act (HITECH) which is a part of the American Recovery and Reinvestment Act of 2009 (ARRA). The guidance is effective as of April 17, 2009. However, the guidance will apply to breaches 30 days after publication of the interim final regulations.
HHS’s press release on the guidance states:
The guidance issued today provides steps entities can take to secure personal health information and establishes the trigger for when entities must notify that patient data has been compromised. This guidance is related to “breach notification” regulations, which will be issued by HHS and the Federal Trade Commission respectively. The HHS regulations will apply to entities covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the FTC regulation will apply to vendors of personal health records and certain others not covered by HIPAA. The Recovery Act requires that these regulations be published within 180 days of enactment.
The guidance was developed through a joint effort by the […]
Read more this great post here
