Part of the Stimulus plan (American Recovery and Reinvestment Act of 2009, ARRA if you're feelin' the government acronyms thing) required HHS to pass new regulations. The regulations will require covered entities to "provide notification in the case of breaches of unsecured protected health information."
The new HHS regs are here and they take effect tomorrow (today for my email subscribers)! The final rule takes effect September 23, 2009. Fortunately, the kind folks at DLA Piper have written a nice little summary.
The ADA Amendments Act took effect at the start of this year. Congress delegated some regulatory tasks to the EEOC. An EEOC press release indicates that the proposed new regs will be published in the federal register sometime this week. But hey, why wait? Through some magic, the folks at HR Hero tracked down and shared a copy today. I haven't read all 93 pages yet but I will provide additional coverage soon. One final note, the EEOC also published some Q and A on the proposed rules.