American Recovery and Reinvestment Act Changes to HIPAA Rules

The American Recovery and Reinvestment Act (ARRA) expanded HIPAA by requiring new notices in the event of an unauthorized use, access, or disclosure of protected health information (PHI). If a "covered entity" discovers a breach in privacy and security protocols, it is required to provide, within 60 days of discovery, notice by first class mail to each individual whose PHI has been (or is reasonably believed to have been) breached.
October 6, 2009 - About Findley Davies

The Department of Health and Human Services (DHHS) issued interim final regulations on Privacy Breach Notification on August 24, 2009. These regulations stipulate that beginning September 23, 2009, self-funded employers must notify affected employees (and the DHHS) of any breach caused by the employer or its Business Associate. However, the DHHS indicated it would not levy penalties for failing to provide required notifications in connection with any breach discovered before February 22, 2010.

Nevertheless, employers will want to begin ensuring their HIPAA policies and procedures remain in compliance by considering the following:

* Business Associates will have to comply with the same privacy and security requirements as Covered Entities. As such, they will be subject to the same civil monetary penalties for any HIPAA violations. Employers will need to update their Business Associate Agreements to clearly identify which party will take responsibility for notifying individuals affected by a breach.

* Employers will need to advise their employees of the new notification requirements. We suggest this be done as part of your Open Enrollment process.

* HIPAA Training should be updated, with those employees currently handling PHI scheduled for a "refresher" class as soon as possible.

To help employers get started, Findley Davies has prepared the Privacy and Security Training presentation below. You may use this with our compliments.

Should you have questions, please contact your Findley Davies Consultant, or you may call the Firm toll free at 800.456.1360.