The American Recovery and Reinvestment Act of 2009, commonly referred to as the “Stimulus Bill”, contains multiple provisions which affect the rights and obligations of certain parties under the privacy and security provisions of HIPAA. These changes relate to the application of the security and privacy provisions to business associates; the notification requirements in the event of breach; the educational requirements regarding health information privacy; the restrictions on the disclosure and sale of health information; the accounting requirements of certain protected health information disclosures; auditing standards; and other related issues. The Department of Health and Human Services will be promulgating regulations to implement the provisions of the “Stimulus Bill” over the next number of months. As these regulations and other guidance become available, please check back to the Med Law Blog for continuing updates and summary of the new compliance requirements.
Paul J. Welk