From: OCR HIPAA Privacy Rule information distribution [mailto:OCR-PRIVACY-LIST@...] On Behalf Of OS OCR PrivacyList, OCR (HHS/OS)
Sent: Friday, April 17, 2009 5:01 PM
To: OCR-PRIVACY-LIST@...
Subject: HITECH Act Breach Notification Guidance and Request for Public Comment
HITECH Act Breach Notification Guidance and Request for Public Comment
April 17, 2009
The U.S. Department of Health and Human Services (HHS) issued guidance today specifying the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA). This guidance was developed through a joint effort by the HHS Office for Civil Rights (OCR), Office of the National Coordinator for Health Information Technology (ONC), and Centers for Medicare and Medicaid Services (CMS).
This guidance relates to two forthcoming breach notification regulations – one to be issued by HHS for covered entities and their business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Sec. 13402 of HITECH) and one to be issued by the Federal Trade Commission (FTC) for vendors of personal health records and other non-HIPAA covered entities (Sec. 13407 of HITECH). HITECH requires these regulations to be published within 180 days of enactment. If the entities subject to the regulations apply the technologies and methodologies specified in the guidance to secure information, they will not be required to provide the notifications required by the regulations in the event the information is breached.
In addition to this guidance, HHS has also concurrently issued a request for information (RFI) soliciting public comment on the breach notification provisions of the HITECH Act to inform future rulemaking and updates to the guidance. The guidance and RFI are available at www.hhs.gov/ocr/privacy. Once published in the Federal Register, the guidance and RFI will also be available for public comment at www.regulations.gov.
This email is being sent to you from the OCR-Privacy-list listserv, operated by the Office for Civil Rights (OCR) in the US Department of Health and Human Services.
This is an announce-only list, a resource to distribute information about the HIPAA Privacy Rule. For additional information on a wide range of topics about the Privacy Rule, please visit the OCR Privacy website at www.hhs.gov/ocr/hipaa/. You can also call the OCR Privacy toll-free phone line at (866) 627-7748. Information about OCR's civil rights authorities and responsibilities can be found on the OCR home page at www.hhs.gov/ocr
If you believe that a person or organization covered by the Privacy Rule (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy Rule, you may file a complaint with OCR. For additional information about how to file a complaint, see the Fact Sheet "How to File a Health Information Privacy Complaint," available at http://www.hhs.gov/ocr/privacyhowtofile.htm .
To subscribe to or unsubscribe from the listserv, please go to: http://list.nih.gov/cgi-bin/wa?SUBED1=ocr-privacy-list&A=1