Following the passage of the American Recovery and Reinvestment Act of 2009 (the “Recovery Act”) last February, the Department of Health and Human Services (“HHS”) and Federal Trade Commission (“FTC”) have given marching orders to healthcare providers and related entities to provide breach notification in relation to compromised protected health information and other forms of individually identifiable health information (“HHS Rule” and “FTC Rule”). Any provider or business that handles health records should be aware of these new federal rules.