Department of Health and Human Services Issues Rule Requiring Individuals Be Notified of Certain Breaches of Health Information

On Wednesday, August 19, 2009, the Department of Health and Human Services ("DHHS") issued new regulations requiring HIPAA covered entities to notify individuals when their health information is breached.  The breach notification rules are in response to provisions contained in the Health Information Technology for Economic and Clinical Health Act ("HITECH"), which was passed as part of the American Recovery and Reinvestment Act of 2009 ("ARRA").

The new regulations are posted on The Office of the Federal Register website. We expect that they will be published in the Federal Register shortly. They will be effective 30 days after publication.