HITECH Act Security Rule Poster
The U.S. Department of Health and Human Services (HHS) has issued regulations requiring employee health plans, health care providers, and other entities covered by HIPAA to notify individuals when their personal health information (PHI) is breached.
These “breach notification” regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA).
The regulations require health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals.
Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate. Additionally, the new rules require covered entities to train their workforce on policies and procedures relating to the breach notification requirement. Failure to comply with HIPAA requirements can result in penalties up to $25,000 in a calendar year.
Our HITECH Act Security Rule Notification Poster provides an overview of the requirements for employee health plan participants and informs them of their right to prompt notification if their personal health information is breached.
Posting this exclusive poster will help covered entities meet the training and disclosure provisions of the rules.
Who Needs It
All employers who offer health benefits to employees must ensure compliance with HIPAA privacy and security requirements, including the HITECH Act Security Breach Notification Rules.
Notify Existing Plan Participants
Posting our 11” x 17” policy poster in the workplace acknowledges the requirements and communicates to your employees that your organization is committed to complying with federal mandates. The information included on this poster will help meet the workforce training requirement contained in the rule.
Demonstrate Good-Faith Compliance
Posting this information to proactively notify employees of their right to prompt written notice of a breach of their PHI can demonstrate good-faith compliance during a HIPAA-related audit or investigation.