OCT 30, 2009 11:06am ET

Related Links

New Cloud Platform, Apps from Optum
February 15, 2012
Correction: OCR HIPAA Rule Scheduled for March
February 14, 2012
eHealth Initiative Studies the I.T. of ACOs
February 10, 2012
Rule to Ease Consumer Understanding of Health Insurance Policies
February 9, 2012
New Content on HHS Consumer Web Sites
February 8, 2012
Health Plan ID, Insurance Exchange Rules Coming Soon
February 6, 2012
Laptop Loaded with PHI Stolen from Lexington Clinic
January 31, 2012

Web Seminars

The Evolution of Tablet Computing in Healthcare
Available On Demand
Which comes first? Chargemaster Standardization vs. System Conversion
Available On Demand
Chronic Care. Chronic I.T. Challenges
Available On Demand

HHS Issues HIPAA Enforcement Rule

Print
Reprints
Email

The Department of Health and Human Services has published an interim final rule that strengthens enforcement of the HIPAA privacy and security rules. The actions were mandated under the HITECH Act within the American Recovery and Reinvestment Act.

The interim final rule is effective on Nov. 30, 2009, and HHS will accept comments through Dec. 29.

"This interim final rule amends HIPAA's enforcement regulations, as they relate to the imposition of civil money penalties, to incorporate the HITECH Act's categories of violations, tiered ranges of civil money penalty amounts, and revised limitations on the Secretary's authority to impose civil money penalties for established violations of HIPAA's Administrative Simplification rules (HIPAA rules)," the rule states. "This interim final rule does not make amendments with respect to those enforcement provisions of the HITECH Act that are not yet effective under the applicable statutory provisions. Such amendments will be subject to forthcoming rulemaking(s)."

HITECH increased civil monetary penalties for privacy and security violations. HHS in the rule established four categories of violations--did not know, reasonable cause, willful neglect that was corrected and willful neglect that was not corrected. Penalties range from $100 to $50,000 for each violation with a cap of $1.5 million for all such violations of an identical provision in a calendar year.

HITECH's privacy and security provisions became effective on Feb. 18, 2009. Consequently, the interim final rule distinguishes between violations occurring before, and on or after that date "with respect to the potential amount of civil money penalty and the affirmative defense available to covered entities," according to the rule.

The interim final HIPAA enforcement rule, published Oct. 30 in the Federal Register, is available at gpoaccess.gov/fr/index.html.

--Joseph Goedert

Consumer Health
Data Security
EHR
Health Info Exchange
Policy & Regulation
Stimulus
Hospitals
Group Practices
Payers

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
You must be registered to post a comment.
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Most Read
Most Emailed

Slide Shows

What’s Wrong with EHR User Interfaces?
Twitter
Facebook
LinkedIn

Current Issue

Building Connections on the Care Continuum

A major success factor for accountable care organizations will be linking caregivers across the spectrum of care delivery. If history is any indication, that's going to be an industrywide struggle.

Videos

HdmTV from HIMSS 2011: Claire McCarthy, director of operational effectiveness at Kaiser Permanente

Policy & Regulation

EHR

Health Info Exchange

Revenue Cycle & Payments

Chronic Care

Mobile Technology

Web Seminars

White Papers

Login  |  My Account  |  White Papers  |  Web Seminars  |  Events |  Newsletters |  eBooks
FOLLOW US
Already a subscriber? Log in here
Please note you must now log in with your email address and password.