New federal privacy and security mandates for handling of medical records, including mandatory notification of individuals whose personal health data is breached, were included in the Health Information Technology for Economic and Clinical Health Act (HITECH) (American Recovery and Reinvestment Act of 2009), signed into law by President Obama February 17, 2009. The core change to the Health Insurance Portability and Accountability Act (HIPAA) is that the legislation will generally require covered entities and business associates to disclose to their patients any security breach that exposes the patients' information to unauthorized persons outside the covered entity.
Read the article