HIPAA: The New Security Rule and HITECH Act

In 2009, as part of the American Recovery and Reinvestment Act changes were made to the HIPAA Privacy and Security Standards, including requirements for addressing breaches. The HITECH Act imposes notification requirements on covered entities, business associates, vendors of personal health records (PHR) and related entities in the event of certain security breaches relating to protected health information (PHI). The Final Rule of the HITECH Act became effective November 30, 2009.