Health Information Management

HIPAA and the HITECH Act: Mark these important dates

HIM-HIPAA Insider, March 23, 2009

Many of the specifics related to the HIPAA legislation in the American Recovery and Reinvestment Act of 2009 have yet to be worked out. The HHS secretary will regulate some laws, and most of the provisions in the Health Information Technology for Economic and Clinical Health (HITECH) Act will not take effect until a year from the Act’s passage, or February 17, 2010.

However, there are a few critical dates you should mark on your HIPAA calendar now:

April 17, 2009 – The HHS secretary’s deadline to define “unsecured PHI.” The new law forces providers to notify individuals whose “unsecured PHI” has been accessed because of a privacy or security breach. If the HHS secretary does not define by this date, the definition defaults to one produced by the National Institute of Standards and Technology.

August 17, 2009 – Deadline for the Federal Trade Commission to issue final regulations on what constitutes a breach of personal health record identifiable health information.

August 17, 2009 – Deadline for the HHS secretary to identify what must be included when a patient requests an accounting of disclosures on electronic health records (EHR). Individuals can now access disclosures for treatment, payment, or healthcare operations.

February 17, 2010 – Date on which the Act’s restrictions on marketing and fundraising take affect.

February 17, 2010 – Deadline for the HHS secretary to issue guidance on how covered entities must comply with “de-identification” of PHI, or what limits they have when they use patients’ information for research purposes.

August 17, 2010 – Deadline for HHS secretary to issue regulations on the sale of PHI.

August 17, 2010 – Date when the comptroller general must submit a report to the HHS secretary offering recommendations on what a patient harmed by a breach is entitled to in a financial settlement.

Editor’s note: This is an excerpt from the April 2009 issue of the HCPro, Inc. newsletter, Briefings on HIPAA. If you have a tip, comment or question about the HIPAA provisions in the HITECH Act, please e-mail it to Senior Managing Editor Dom Nicastro at

Most Popular