On February 17, 2010, HHS will begin to enforce changes to the HIPAA enacted through the HITECH Act. The new requirements imposed by the HITECH Act will have a significant impact on the privacy and security of personal health information and compliance efforts of affected healthcare Covered Entities and their Business Associates. The HITECH Act has expanded the direct applicability of the Privacy and Security Rules to Business Associates. Significant changes may be necessary to comply with the new requirements.
Continue reading "PREPARED TO COMPLY? - HITECH ACT ENFORCEMENT SET TO BEGIN" »
HHS issued its interim final rule increasing penalties for privacy and security violations under the HIPAA. The new rule significantly increases the maximum penalty for civil violations of HIPAA, and decreases the defenses available to providers. The new penalty amounts apply to HIPAA violations occurring on or after February 18, 2009. For more information about these requirements, click here.
Continue reading "NEW REGULATION INCREASES PENALTIES FOR HIPAA VIOLATIONS" »
To better protect the privacy of personal health information, the Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) have published new rules implementing the HITECH breach notification requirements. Healthcare providers and other covered entities regulated under HIPAA will be required to provide notice to individuals, HHS, and, potentially, the media when unsecured protected health information is breached. These new rules extend the notification requirements to business associates and vendors of electronic health records, while strengthening the requirements for covered entities. The notification requirements apply to any breach on or after September 23, 2009. For more information about these requirements, click here.
Continue reading "HHS and FTC Issue Final Breach Notification Rules" »
Health Law Monitor