HHS Issues HITECH Act HIPAA Enforcement Rule

The Department of Health and Human Services has published an interim final rule to conform the enforcement regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the HITECH Act, the Health Information Technology for Economic and Clinical Health Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009. The HITECH Act privacy and security provisions became effective on Feb. 18, 2009.

HITECH is concerned with defining the requirements for being compatible with the security and privacy regulations of the Privacy Rule. HITECH also facilitates the expansion of HIPAA standards.

The interim final rule is an amendment of HIPAA’s enforcement rules relating to civil monetary penalties incorporating the HITECH Act’s categories of violations, ranges of civil money penalty amounts, and revised limitations on the Secretary’s authority to impose civil money penalties for established violations of HIPAA’s Administrative Simplification Rules. This interim final rule is effective 30 days after today.

Prior to the HITECH Act, the money penalty for HIPAA violations was not more than $100 for each violation or $25,000 for all identical violations of the same provision. A covered entity could also avoid the civil money penalty by showing that it did not know that it violated HIPAA regulations.

HITECH Act Enforcement Interim Final Rule

Section 13410(d) of the HITECH Act, which became effective on February 18, 2009, revised section 1176(a) of the Social Security Act (the Act) by establishing:

  • Four categories of violations that reflect increasing levels of culpability;
  • Four corresponding tiers of penalty amounts that significantly increase the minimum penalty amount for each violation; and
  • A maximum penalty amount of $1.5 million for all violations of an identical provision.

It also amended section 1176(b) of the Act by:

  • Striking the previous bar on the imposition of penalties if the covered entity did not know and with the exercise of reasonable diligence would not have known of the violation (such violations are now punishable under the lowest tier of penalties); and
  • Providing a prohibition on the imposition of penalties for any violation that is corrected within a 30-day time period, as long as the violation was not due to willful neglect.

This interim final rule will become effective on November 30, 2009.

The HITECH Act
What is the HITECH Act? The HIPAA Privacy Rule defines the regulations that must be followed to become HIPAA-compliant, but it is the HITECH Act that defines the criticality of following these norms and elaborates on enforcement, accountability, penalty and prosecution-related guidelines for those involved in sharing or accessing Protected Health Information.

You can find out more information at http://whatishipaa.org/hitech-act.php


HHS Issues Rules Adjusting Penalties under the Patient Safety and Quality Improvement Rule for Inflation

The HIPAA Act of 1996 has set strict standards regarding a patient’s Protected Health Information (PHI) as a part of its Privacy Rule regulations. The Privacy Rule addresses all issues concerned with saving/accessing/sharing medical & personal information of an individual.

However, this is a very basic definition, as the realm of a Covered Entity extends to all Business Associates that are involved in accessing/sharing an individual’s medical health information. A Business Associate represents all persons or organizations that are involved in the direct functioning of a Covered Entity or act on behalf of a Covered Entity.

As required by the Federal Civil Penalties Inflation Adjustment Act of 1990 (Inflation Adjustment Act), the U.S. Department of Health and Human Services (HHS) issued both a direct final rule and a proposed rule today adjusting for inflation the maximum civil money penalty amount for violations of the confidentiality provisions of the Patient Safety and Quality Improvement Act. These confidentiality provisions are enforced by the Office for Civil Rights (OCR).

The Inflation Adjustment Act requires HHS to adjust for inflation the Patient Safety Act’s civil money penalty amount at least once every four years, beginning from the Patient Safety Act’s date of enactment, which was July 29, 2005. These rules adjust the maximum civil money penalty amount for a violation of the confidentiality provisions of the Patient Safety and Quality Improvement Act from $10,000 to $11,000.

The public has 30 days to comment on these rules. If no adverse comments are received, the direct final rule will go into effect 90 days after publication, and the proposed rule will be withdrawn. If, however, adverse comments are received during the comment period, the direct final rule will be withdrawn. For more information, visit the OCR web site at http://www.hhs.gov/ocr/privacy/.

The HIPAA Privacy Rule
What is HIPAA? The HIPAA Privacy Rule, also called the Standards for Privacy of Individually Identifiable Health Information, provides rules and guidelines for the use/disclosure of an individual’s health information.

You can find out more information at http://whatishipaa.org


How Are Government Documents Used in Identity Theft?

If you look into your wallet, you may find at least one or two government documents – the driver’s license or State ID card. You may be amazed to find how many government documents you currently have, and the value of each, when you study the following list:

  • Driver’s license: Other than your driver’s license number, the driver’s license has your name, address, hair color, eye color, weight, height, and your DOB. You show it to policemen even when you are not driving your car and at airports to pass through some security checkpoints. Your driver’s license is generally requested when you buy merchandise by personal check. As a matter of fact, the cashier often writes down the driver’s license number on your check. Since your driver’s license has so much personal information, it is sensible to cut up the expired one into tiny pieces that cannot be reassembled. The identity thief can create a phony driver’s license with your personal details to open an account under your identity, cash fake checks in your name or use stolen personal checks.
  • Birth certificate: A birth certificate shows that you are a U.S. citizen. It has your father’s name; mother’s maiden name; city and state you were born in; year, day, and time you were born. You must have a birth certificate to get a state ID card, passport, and so on. Just to be safe, keep your birth certificates in a safety deposit box or locked file cabinet.
  • Passport: Your passport is also a valuable document for an identity thief. It has your address, picture, and full name and it shows that you are a U.S. citizen. You bring your passport when you travel overseas. You show it to customs in other countries and upon return to the U.S. Your passport can be used by terrorist organizations attempting to gain entry into a country. If your passport is stolen or lost, it can be sold to crime organizations and used to establish United States citizenship. It should be stored in a locked file cabinet or a safety deposit box.
  • Auto registration form: The auto registration form contains your full name and home address as proof of ownership. The identity thief can use your name and other information to purchase a car; your name and address will show up on the auto registration. Store this document in a safe place.
  • State ID cards: They are used as identification for individuals who don’t have a driver’s license. Other than your ID number, a state ID card has your name, address, and DOB.
  • Social Security Card: Social security numbers are important confidential data. An identity thief can obtain social security numbers by stealing wallets, handbags and mail (bank and credit card information and tax statements). Information may also be stolen from an unsecured website, from business or personnel records or from the garbage of businesses. The identity thief can use a stolen social security number to apply for credit cards or obtain other personal information.

To open a new bank account at many banks, two kinds of ID are required: a current passport or unexpired driver’s license is one form of ID, and the other is usually either an unexpired credit card or a birth certificate.
