Achieve Safe-Harbor Status From HITECH Act Breach Notification With NIST-Certified Data Encryption

Enacted as part of the American Recovery and Reinvestment Act of 2009, it addresses the privacy and security concerns associated with the electronic transmission of health information.

The Department of Health and Human Services (HH S) has published a "breach notification" rule, which clarifies several requirements of the HITECH Act. The Security Rule, which went into effect on February 22, 2010, requires health care providers and other HIPAA covered entities to notify affected individuals and the HH S Secretary of a breach. If the breach affects more than 500 individuals, the media must also be notified. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate.