Schiff Hardin LLP September 11, 2009

Learn more about Employee Benefits and Executive Compensation at Schiff Hardin.

Attorneys In This Practice

Suzanne M. Arpin
Margaret C. Barker
Lauralyn G. Bengel
Katherine J. Levy
Christopher J. Rillo
Edward Spacapan Jr.
Margaret A. Strothkamp
B. Frank Thorn
David H. Williams

Schiff Hardin Offices

One Atlantic Center,
Suite 2300
1201 West Peachtree
Atlanta, GA 30309

225 Franklin Street,
Suite 2600 
Boston, MA 02110 

233 S Wacker Drive
Suite 6600
Chicago, IL 60606

One Westminster Place
Suite 200
Lake Forest, IL 60045

900 Third Avenue
New York, NY 10022

One Market, Spear Tower
32nd Floor
San Francisco, CA 94105

1666 K Street, NW
Suite 300
Washington, DC 20006

- - - - - - - - -

Join our mailing list.

Forward this alert to a friend or colleague.

- - - - - - - - -

Schiff Hardin Employee Benefits and Executive Compensation Group Update

Department of Health and Human Services Publishes Final Rule Regarding HIPAA Breach Notification Requirement

On August 24, 2009, the Department of Health and Human Services ("HHS") published the interim final rule regarding HIPAA's new breach notification requirement, which was adopted under the Health Information Technology for Economic and Clinical Health Act ("HITECH") as part of the American Recovery and Reinvestment Act of 2009. Before HITECH, covered entities (such as health plans and health care providers) were not expressly required to provide notice to individuals or HHS in the event of a breach of protected health information. HITECH now imposes new notification requirements on covered entities and business associates in the event of a breach of "unsecured" protected health information.

The recently published interim final rule describes the notice requirement including, among other things, (i) how to identify a "breach" that will trigger the notice obligation, (ii) when and how individuals, HHS, and, in some cases, the media must be notified of a breach, and (iii) what the notice must include. The rule also amends the HIPAA Privacy Rule by requiring covered entities to, among other things, update their HIPAA-required policies and procedures and train workforce members for the new notice requirement.

The effective date of the rule is September 23, 2009. HHS has stated that it will use its enforcement discretion to not impose sanctions for failure to provide the required notifications for breaches that are discovered before February 22, 2010.

Covered entities and business associates requiring assistance to comply with the new notice requirement should contact a member of the Schiff Hardin LLP Employee Benefits and Executive Compensation Group.

- - - - -

ABOUT SCHIFF HARDIN LLP

Schiff Hardin's Employee Benefits and Executive Compensation Group works with clients to determine which retirement and health/welfare benefits plans best suit their needs, and assists in the design and implementation of all types of stock-based plans, deferred compensation and employment arrangements. Our counseling extends to analyzing benefit formulas, investment alternatives and procedures, and issues of securities law and fiduciary concerns.

For more information, please feel free to contact us.

© 2009 Schiff Hardin LLP

This publication has been prepared for the general information of clients and friends of the firm.
It is not intended to provide legal advice with respect to any specific matter.
Under rules applicable to the professional conduct of attorneys in various jurisdictions,
it may be considered advertising material.

Finally, these materials are not intended to be used, and cannot be used by a taxpayer,
for the purpose of avoiding penalties that may be imposed on the taxpayer under law. 

For more information visit our Web site at www.schiffhardin.com.

Click here to manage your subscriptions.

Click here to unsubscribe from this list.