“It’s 11 o’clock do you know where your personal health information is?” The new provisions in the American Recovery and Reinvestment Act of 2009 (ARRA) may make this a very expensive question if the answer is “no.”ARRA has new – and sweeping – provisions regarding the security of health information. “Covered entities” will be required to notify individuals within 60 days of any breaches of their personal health information. And, if the privacy breach involves 500 or more individuals, then the Department of Health and Human Services must be notified as well.”Business associates” will also be held to  much higher standards of maintaining the privacy and security of health records. HIPAA enforcement is extended to these entities, too.And, to counter critics that there was “a lot of HIPAA and not a lot of enforcement,” the new Act gives states attorneys general the authority to sue for HIPAA violations. This right had been reserved exclusively for the HHS’ Office of Civil Rights. State AGs will be able to seek statutory damages and attorneys fees on behalf of affected individuals in their states. State AGs are well-known for acting aggressively and rapidly, so HIPAA compliance will no longer be something to address “tomorrow.”These new provisions should cause anyone with sensitive medical information to reflect on the steps that they’ve taken – and need to take - to secure this data.At Secure Services Corporation, we believe that secure and encrypted data using our highly robust SHAPE (Secure Health And Privacy Environment) products will allow our customers to rest easy. They’ll know where the personal health information is at 11 o’clock and around the clock!SHAPE – Secure information at the tip of your finger.