Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: ARRA/HIPAA Breach Reporting Dates Approaching - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ARRA/HIPAA Breach Reporting Dates Approaching


September 14th, 2009 or "thereafter"


The American Recovery and Reinvestment Act of 2009 was signed into law on February 17, 2009. The "Breach" notification portion of the law goes into effect 30 days after the Secretary of HHS "promulgates" "interim final regulations". Although those are not "promulgatedt" yet, a date can be calculated.

The way I calculate this, August 16th would be when the last day "interim final regulations" could be published, add 30 days, and the notification requirements "will apply to breaches of unsecured PHI" on September 14th, 2009 or "thereafter".
 

American Recovery and Reinvestment Act of 2009, Subtitle D—Privacy, Sec. 13402. Notification in the case of breach.

Related Diary

Unusable, Unreadable, or Indecipherable? No Breach reporting required
 

Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!