Health care providers and businesses that play in the electronic medical/health record space should take heed: The Health Information Technology for Economic and Clinical Health Act (HITECH Act), which is part of the American Recovery and Reinvestment Act of 2009 (the "Stimulus Package") signed into law on February 17, 2009, will bring about major changes to the requirements, application and penalties associated with the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Regulations (referred to jointly as "HIPAA" and singly as the "Privacy Regulations" and the "Security Regulations" for purposes of this Advisory). These changes will dramatically expand the application of HIPAA to covered entities, business associates, vendors of electronic health records and personal health records and, potentially, many entities previously not directly covered by HIPAA.
To read more about new rules regarding mandatory reporting of breaches; business associate agreements; individual HIPPA rights; non-covered HIPAA entities; and new penalties and enforcement provisions; and to view potential action steps for affected health care businesses, click here.