The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
All Students should consider some of the following sources about patient information regulations:
Breach notification rule
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/
What to do in Case of a Breach of Unsecured PHI
A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.
The Breach Notification Rule requires covered providers to promptly notify individuals and the Secretary of the HHS of the loss, theft, or certain other impermissible uses or disclosures of unsecured PHI. Health care providers must also promptly notify the Secretary of HHS if there is any breach of unsecured protected health information if the breach affects 500 or more individuals, and notify the media if the breach affects more than 500 individuals of a State or jurisdiction.
http://www.healthit.gov/providers-professionals/ehr-privacy-security/practice-integration