Free Site RegistrationFree Site Registration

Sign up today and access Health Data Management on the web!
Your FREE registration entitles you to:

FREE Health Data Management e-newsletter

FREE Access Web Seminars on a host of I.T. topics

FREE Search for more than 12,000 articles

FREE White Papers and Industry Research that provide valuable insights on a variety of technologies and implementation issues

FREE Podcasts, updates on industry events, and much more!

HHS Issues HIPAA Enforcement Rule

HDM Breaking News, October 30, 2009

The Department of Health and Human Services has published an interim final rule that strengthens enforcement of the HIPAA privacy and security rules. The actions were mandated under the HITECH Act within the American Recovery and Reinvestment Act.

The interim final rule is effective on Nov. 30, 2009, and HHS will accept comments through Dec. 29.

"This interim final rule amends HIPAA's enforcement regulations, as they relate to the imposition of civil money penalties, to incorporate the HITECH Act's categories of violations, tiered ranges of civil money penalty amounts, and revised limitations on the Secretary's authority to impose civil money penalties for established violations of HIPAA's Administrative Simplification rules (HIPAA rules)," the rule states. "This interim final rule does not make amendments with respect to those enforcement provisions of the HITECH Act that are not yet effective under the applicable statutory provisions. Such amendments will be subject to forthcoming rulemaking(s)."

HITECH increased civil monetary penalties for privacy and security violations. HHS in the rule established four categories of violations--did not know, reasonable cause, willful neglect that was corrected and willful neglect that was not corrected. Penalties range from $100 to $50,000 for each violation with a cap of $1.5 million for all such violations of an identical provision in a calendar year.

HITECH's privacy and security provisions became effective on Feb. 18, 2009. Consequently, the interim final rule distinguishes between violations occurring before, and on or after that date "with respect to the potential amount of civil money penalty and the affirmative defense available to covered entities," according to the rule.

The interim final HIPAA enforcement rule, published Oct. 30 in the Federal Register, is available at gpoaccess.gov/fr/index.html.

--Joseph Goedert

For more information on related topics, visit the following channels:

Advertisement

Marketplace

  • Find Security products & services on
    HDM Marketplace
  • Find HIPAA Compliance products & services on
    HDM Marketplace

    • Related Items

    Articles from this Site

    White Papers

    Web Seminars

    Advertisement