Cyber criminals, hackers, rogue employees and just plain careless employees can open you or your facility up to significant costs imposed by these Federal and/or State Laws for the unauthorized release or theft of Protected Health Information.
Newly passed laws such as HITECH/HIPAA hold YOU, the health care provider, responsible for the release of this information even if no damage has occurred. Encrypted data DOES NOT eliminate the risk.
Federal and state laws can impose fines of up to $50,000 per record and mandate additional remediation requirements, which are costly and come in addition to any fine and penalty.
Have You Explored Data Breach Insurance?
Come To The One Source Where 11 Insurance Markets Compete For Your Business…
Intermarket Insurance represents over 11 different data breach insurers and will shop the market for you. One app will get you 11 quotes, coverage comparison and access to our experts for a recommendation.
The U.S. Department of Health and Human Services (HHS) issued an interim final rule with request for comments today to strengthen its enforcement of the rules promulgated under the Health Insurance Portability and Accountability Act (HIPAA). The Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009, modified the HHS Secretary’s authority to impose civil money penalties for violations occurring after Feb. 18, 2009. These HITECH Act revisions significantly increase the penalty amounts the Secretary may impose for violations of the HIPAA rules and encourage prompt corrective action.
“The Department’s implementation of these HITECH Act enforcement provisions will strengthen the HIPAA protections and rights related to an individual’s health information,” said Georgina Verdugo, the director of HHS Office for Civil Rights (OCR). OCR is responsible for administering and enforcing HIPAA’s privacy, security and breach notification rules.
“This strengthened penalty scheme will encourage health care providers, health plans and other health care entities required to comply with HIPAA to ensure that their compliance programs are effectively designed to prevent, detect and quickly correct violations of the HIPAA rules,” said Verdugo. “Such heightened vigilance will give consumers greater confidence in the privacy and security of their health information and in the industry’s use of health information technology.”
This interim final rule with request for comments is the first of several steps HHS is taking to implement the HITECH Act’s enforcement provisions. The remaining provisions, which have yet to become effective, will be addressed in the next few months in forthcoming rulemakings. Additional information about HIPAA and several related rulemakings may be found on OCR’s Web site: http://www.hhs.gov/ocr/privacy/.