United States Government Publishing Office
publisher
pbl
distributor
dst
United States
National Archives and Records Administration
Office of the Federal Register
author
aut
Government Organization
text
government publication
eng
FR
Regulatory Information
2009_register
executive
2009-04-27
article
Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements Under Section 13402 of Title XIII (Health Information Technology for Economic and Clinical Health Act) of the American Recovery and Reinvestment Act of 2009; Request for Information
Rules and Regulations
D09002ee1bdd76315
D09002ee1bdd7637a
United States
Department of Health and Human Services
originator
org
United States Government Agency or Subagency
This document is guidance and a request for comments under section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub. L. 111-5). ARRA was enacted on February 17, 2009. The HITECH Act (the Act) at section 13402 requires the Department of Health and Human Services (HHS) to issue interim final regulations within 180 days of enactment to require covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their business associates to provide for notification in the case of breaches of unsecured protected health information. For purposes of these requirements, section 13402(h) of the Act defines ``unsecured protected health information'' to mean protected health information that is not secured through the use of a technology or methodology specified by the Secretary in guidance, and requires the Secretary to issue such guidance no later than 60 days after enactment and to specify within the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals. Through this document, HHS is issuing the required guidance and seeking public comment both on the guidance as well as the breach notification provisions of the Act generally to inform the future rulemaking and updates to the guidance.
74 FR 19006
https://www.govinfo.gov/app/details/FR-2009-04-27/E9-9512
E9-9512
FR27AP09-11
4150-03-P
https://www.govinfo.gov/app/details/FR-2009-04-27/E9-9512
https://www.govinfo.gov/content/pkg/FR-2009-04-27/html/E9-9512.htm
https://www.govinfo.gov/content/pkg/FR-2009-04-27/pdf/E9-9512.pdf
5 p.
19006
19010
74 FR 19006
Code of Federal Regulations
Title 45 Part 160
45 CFR Part 160
Code of Federal Regulations
Title 45 Part 164
45 CFR Part 164
Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements Under Section 13402 of Title XIII (Health Information Technology for Economic and Clinical Health Act) of the American Recovery and Reinvestment Act of 2009; Request for Information; Federal Register Vol. 74, Issue
RULE
E9-9512
DEPARTMENT OF HEALTH AND HUMAN SERVICES
2009-05-21
4150-03-P
E9-9512
Guidance and Request for Information.
This document is guidance and a request for comments under section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub. L. 111-5). ARRA was enacted on February 17, 2009. The HITECH Act (the Act) at section 13402 requires the Department of Health and Human Services (HHS) to issue interim final regulations within 180 days of enactment to require covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their business associates to provide for notification in the case of breaches of unsecured protected health information. For purposes of these requirements, section 13402(h) of the Act defines ``unsecured protected health information'' to mean protected health information that is not secured through the use of a technology or methodology specified by the Secretary in guidance, and requires the Secretary to issue such guidance no later than 60 days after enactment and to specify within the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals. Through this document, HHS is issuing the required guidance and seeking public comment both on the guidance as well as the breach notification provisions of the Act generally to inform the future rulemaking and updates to the guidance.
Comments must be submitted on or before May 21, 2009. The guidance is applicable upon issuance, which occurred on April 17, 2009, through posting on the HHS Web site at http://www.hhs.gov/ocr/privacy. However, the guidance will apply to breaches 30 days after publication of the forthcoming interim final regulations. If we determine that the guidance should be modified based on public comments, we will issue updated guidance prior to or concurrently with the regulations.
Andra Wicks, 202-205-2292.
American Recovery and Reinvestment Act of 2009:
Guidance Specifying Technologies and Methodologies that Render Protected Health Information Unusable, etc.,
http://crypto.stanford.edu/pgolle/papers/census.pdf
http://www.csrc.nist.gov
http://www.csrc.nist.gov/
http://www.hhs.gov/ocr/privacy
http://www.irs.gov/businesses/small/article/0,,id=201295,00.html
http://www.regulations.gov
Federal Register
Vol. 74, no. 79
Office of the Federal Register, National Archives and Records Administration
2009-04-27
continuing
daily
deposited
born digital
157 p.
Table of Contents:
AE 2.7:
GS 4.107:
AE 2.106:
KF70.A2
https://www.govinfo.gov/app/details/FR-2009-04-27
P0b002ee180026e4f
0097-6326
0042-1219
0364-1406
769-004-00000-9
000582072
f:FR27AP09
https://www.govinfo.gov/app/details/FR-2009-04-27
https://www.govinfo.gov/content/pkg/FR-2009-04-27/pdf/FR-2009-04-27.pdf
https://www.govinfo.gov/content/pkg/FR-2009-04-27/xml/FR-2009-04-27.xml
fdlp
18977
19124
DGPO
2009-04-27
2023-05-02
FR-2009-04-27
machine generated
eng
FR
FR-2009-04-27
74
79