"Amended HIPAA Privacy and Security Rules," Davis Wright Tremaine Presentation
On Aug. 20, 2009, the U.S. Department of Health and Human Services (HHS) issued an interim final rule on required notification of breaches of unsecured protected health information. (Please see Jason Froggatt's presentation regarding breach notification rules, made prior to the release of the interim final rule.) The interim rule is effective for breaches that occur beginning 30 days after the rule is published in the Federal Register, although HHS has indicated that it will not enforce the rule for 180 days. After the effective date, it will change the way that every employer that sponsors a group health plan must handle breaches of unsecured protected health information.