|
December 8, 2009 |
Schiff Hardin Corporate Update On October 30, 2009, the U.S. Department of Health & Human Services ("HHS") issued an interim final rule and request for comments ("interim final rule") intended to provide regulated entities (e.g., covered entities and business associates) with additional notice as to the strengthened civil money penalty authority of the Secretary of HHS, as promulgated under the Health Information Technology for Economic and Clinical Health ("HITECH") Act. The interim final rule became effective on November 30, 2009. HHS will consider comments to the interim final rule received by December 29, 2009. The interim final rule is the first of several steps HHS is taking to implement the increased penalties and enhanced enforcement provisions of the HITECH Act. As background, Subtitle D of the HITECH Act expands the federal privacy and security rules promulgated by the Health Insurance Portability and Accountability Act ("HIPAA") regarding patient health information by, among other things, (i) establishing HIPAA breach notification requirements applicable to covered entities and business associates, (ii) extending the applicability of the HIPAA privacy and security rules to business associates, (iii) providing greater protections regarding the use of individual patient health information, and (iv) establishing tiered categories of violations with corresponding penalties as clarified by the interim final rule and summarized below.
The interim final rule explains that HHS will not impose the maximum penalty amount in all cases; HHS will determine penalty amounts based upon the nature and extent of the violation, the nature and extent of the resulting harm, and other factors set forth in HIPAA regulations including the covered entity's history of prior compliance or financial condition. We are providing this alert to notify you of the upcoming deadline in the event that you would like to comment on the interim final rule. If you would like our assistance preparing comments regarding the interim final rule prior to the December 29, 2009 deadline or if you would like assistance with your data security or healthcare IT arrangements, please contact us. ABOUT SCHIFF HARDIN Schiff Hardin's corporate and technology team routinely assists clients with a broad array of technology transactions and issues, including master services agreements, software, data and content license agreements, end-user license agreements, subscription agreements, managed services agreements, development agreements, strategic alliances, and joint ventures for healthcare, pharmaceutical, and information technology providers and customers.
|