Posted on September 3, 2009 by Brad Rostolsky

FTC Issues Final Rule on Notifying Consumers About Breaches of Electronic Health Records

This post was written by Mark S. MelodiaMichael K. BrownJ. Ferd Convery, IIISteven J. Boranian, Brad M. Rostolsky, Shana R. Fried and Paul Bond.

Until now, the loss or theft of protected health information rarely resulted in notice to consumers. Very few state data security breach notification laws encompass medical information. The Health Insurance Portability and Accountability Act ("HIPAA") merely required an "accounting" of such events to a patient upon the patient's request.

All that has changed. Congress, in enacting the Health Information Technology for Economic and Clinical Health Act ("HITECH"), imposed breach notification obligations on many of the individuals and business entities that receive, create, or maintain patients' individually identifiable health information. Pursuant to HITECH, on Aug. 17, the Federal Trade Commission ("FTC") issued its Health Breach Notification Rule, governing the breach notification obligations of three new categories of entity: "vendors of personal health records," "PHR related entities" and "third party service providers."

To read the full alert, click here.

Tags: , , , , ,
Posted on March 4, 2009 by Karl A. Thallner

Health Information Privacy and Incentives, Medicaid Funding, and Other Health Care Provisions in the American Recovery and Reinvestment Act

This post was written by Karl A. Thallner, Jr., Carol C. Loepere, Debra A. McCurdy, Brad M. Rostolsky, Jacqueline B. Penrod, and Amie E. Schaadt.

On February 17, 2009, President Obama signed into law H.R. 1, the American Recovery and Reinvestment Act (the “ARRA”). The sweeping $790 billion economic stimulus package includes a number of health care policy provisions. Reed Smith's Health Care Memorandum summarizes the major health policy provisions of the Act.

Tags: , , , , , , , , , , , , ,