The federal security breach notification provisions contained in the Health Information Technology for Economic and Clinical Health (HITECH) Act and implementing regulations will cause patients, providers, regulators, and prosecutors to scrutinize not only security breach protocols but intrusion detection and other security measures to a much greater degree than previously. The nation’s five years of experience with the state breach notification laws demonstrates the validity of that statement in two primary respects: first, business risks associated with notification requirements make them a larger driver of security initiatives than regulation even in highly regulated industries outside of healthcare; second, given significant differences in definitions and scope of the federal rules and previously enacted state laws, reconciling state or federal conflicts will be a constant chore and basis for disputes.

Click here to read the full article.

Copyright 2009 American Health Lawyers Association, Washington, D.C.
Reprint permission granted.
Further reprint requests should be directed to American Health Lawyers Association
1025 Connecticut Avenue, NW, Suite 600
Washington, DC 20036
(202) 833-1100
For more information on Health Lawyers content, visit us at www.healthlawyers.org

Logo Downloads