About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

22 Health Law. 1 (2009-2010)

handle is hein.journals/healaw22 and id is 1 raw text is: THE ABA HEALTH LAW SECTION HEALT1H H LAWYER IN THIS ISSUE The HITECH Breach Notification Rules: Understanding the New Obligations ............................ 1 Race and Ethnicity: BiDil at the Intersection of Health Disparities, Pharmacotherapy, and Law ............................... 14 The Practical Pitfalls of Exclusion as Applied to Individual Health Care Providers, Client Entities and their Counsel ................ 23 Medical Legal Partnerships: A Key Strategy for Mitigating the Negative Health Impacts of the Recession .................. 29 Generic Drugs and Preemption after Wyeth v. Levine .............. 35 Volume 22, Number 1 October 2009 THE HITECH BREACH NOTIFICATION RULES: UNDERSTANDING THE NEW OBLIGATIONS Andrew B. Wachler, Esq. Amy K. Fehn, Esq. Wachler & Associates, P.C. Royal Oak, MI On August 19, 2009, the Department of Health and Human Services (HHS) issued an interim final rule with request for comments on the Breach Notification for Unsecured Protected Health Information (the Interim Final Rule).' The Interim Final Rule was mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, as part of the American Recovery and Reinvestment Act of 2009 (ARRA),2 which was enacted on February 17, 2009. The Interim Final Rule sets forth the regulatory requirements for determining when a breach of unsecured protected health information has occurred and dictates how, when and to whom such a breach must be reported. The Interim Final Rule also addresses comments and clarifies certain provisions contained in the Guidance and Request for Information issued by HHS on April 17, 2009' related to technologies and methods available to secure protected health information. While the Interim Final Rule sets forth the obligations for covered entities and business associates of covered entities that are subject to HIPAA, the Federal Trade Commission (FTC) also issued a final rule imposing similar notification requirements on vendors of personal health records (PHRs) and entities that contract with such vendors. The Interim Final Rule became effective on September 23, 2009. However, HHS has stated that it will not impose sanctions for failure to provide notification of breaches discovered before 180 days from the publication of the rule, i.e., February 22, 2010.' HHS has requested additional comments which are due October 23, 2009 and could result in further modifications of the Interim Final Rule in the future. Definition of Breach The Interim Final Rule defines a breach as the acquisition, access, use, or disclosure of protected health infor- mation in a manner not permitted under Subpart E of this part [the HIPAA Privacy Rule] which compromises the security or privacy of the protected health information.6 By definition, a use or disclosure that violates the HIPAA Privacy Rule7 is a prerequisite to the finding of a breach pursuant to the Interim Final Rule.8 So, for example, a continued on page 3

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most