Breach Notification
American Recovery and Reinvestment Act of 2009 (ARRA)
Health Information Technology and Clinical Health Act (HITECH)
HIPAA covered entities and their business associates are now required to notify patients and others when PHI is breached. The new requirements are outlined in the federal ARRA/HITECH legislation and in rules issued by the Department of Health and Human Services. These new rules override existing Ohio law that exempts HIPAA covered entities from state data breach notification requirements.
Upon discovering a breach of unsecured PHI, you are now required to notify affected individuals, the Department of Health and Human Services (HHS) and, in some cases, prominent media outlets serving your practice area.
Because this new notification obligation is time-consuming, expensive and potentially embarrassing, your goal should be to avoid data breaches! You can avoid the breach notification requirements if you encrypt or destroy PHI by a method that meets the standards that HHS adopted.
The breach notification rules became effective September 23, 2009, so you need to take action now to come into compliance.
OSMA's resources and the links below will help you understand the requirements and bring your practice into compliance. These resources are FREE for OSMA members.
If you would like to become a member and have access to these and many other valuable resources, contact Lindsey Poland at lpoland@osma.org.
If you have questions, please e-mail info@osma.org.

Fast Facts - Breach Notification
View a short video on what you need to know about data breach notification.
AMA HIPAA Breach Notification Guidance
Read the AMA's explanation of the breach notification requirements.
Breach Notification Decision-Making Tools
Use these decision-making tools to help determine when or if you must give notice under the breach notification rules.
Breach Notification Tools and Resources
