This post was also written by Gina M. Cavalier, Debra L. Hutchings, Kerry A. Kearney, and Mark S. Melodia.

On Feb. 17, 2009, President Obama signed into law H.R. 1, the American Recovery and Reinvestment Act (the “ARRA”).1 This memorandum outlines significant changes and additions to the landscape of federal privacy and security law set forth in Subtitle D of the ARRA. In general, the privacy and security portions of the ARRA become effective 12 months after the enactment of the ARRA, which is approximately February 2010. It is also important to note that the ARRA directs the Secretary of the U.S. Department of Health & Human Services (“HHS”) to amend the HIPAA Privacy and Security Rules to implement the legislative changes. As such, the effective dates associated with the rulemaking process will vary.

Click here to read the full alert.