Home » Privacy

HHS Issues HITECH Act HIPAA Enforcement Rule

31 October 2009 10,077 views 8 Comments

 

The Department of Health and Human Services has published an interim final rule to conform the enforcement regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the HITECH Act, the Health Information Technology for Economic and Clinical Health Act which was enacted as part of the American Recovery and Reinvestment Act of 2009. The HITECH Act privacy and security provisions became effective on Feb. 18, 2009.

HITECH is concerned with defining the requirements for being compatible with the security and privacy regulations of the Privacy Rule. HITECH also facilitates the expansion of HIPAA standards.

The interim final rule is an amendment of HIPAA’s enforcement rules relating to civil monetary penalties incorporating the HITECH Act’s categories of violations, ranges of civil money penalty amounts, and revised limitations on the Secretary’s authority to impose civil money penalties for established violations of HIPAA’s Administrative Simplification Rules. This interim final rule is effective 30 days after today.

Prior to the HITECH Act, the money penalty for HIPAA violations was not more than $100 for each violation or $25,000 for all identical violations of the same provision. A covered entity could also avoid the civil money penalty by showing that it did not know that it violated HIPAA regulations.

HITECH Act Enforcement Interim Final Rule

Section 13410(d) of the HITECH Act, which became effective on February 18, 2009, revised section 1176(a) of the Social Security Act (the Act) by establishing:

  • Four categories of violations that reflect increasing levels of culpability;
  • Four corresponding tiers of penalty amounts that significantly increase the minimum penalty amount for each violation; and
  • A maximum penalty amount of $1.5 million for all violations of an identical provision.

It also amended section 1176(b) of the Act by:

  • Striking the previous bar on the imposition of penalties if the covered entity did not know and with the exercise of reasonable diligence would not have known of the violation (such violations are now punishable under the lowest tier of penalties); and
  • Providing a prohibition on the imposition of penalties for any violation that is corrected within a 30-day time period, as long as the violation was not due to willful neglect.

This interim final rule will become effective on November 30, 2009.

The HITECH Act
The HIPAA Privacy Rule defines the regulations that are to be followed to become HIPAA-compliant but it is the HITECH Act that defines on the criticality of following these norms and elaborates on enforcement, accountability, penalty and persecution-related guidelines for those involved in sharing or accessing Protected Health Information.

You can find our more information on http://whatishipaa.org/hitech-act.php

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

8 Comments »

  • ClubPenguin said:

    Providing a prohibition on the imposition of penalties for any violation that is corrected within a 30-day time period, as long as the violation was not due to willful neglect.

  • joe lund said:

    I still don’t quite understand what the point of this Hitech act is?

  • dorotaloi said:

    Prior to the HITECH Act, the money penalty for HIPAA violations was not more than $100 for each violation or $25,000 for all identical violations of the same provision. A covered entity could also avoid the civil money penalty by showing that it did not know that it violated HIPAA regulations.
    dorotaloi recently posted..Wonderful Week Friend 2

  • Life Insurance Companies said:

    I am also confused to the purpose of this act? who all does this affect exactly?

  • Nashville Refinance said:

    I am also somewhat confused by what the intent of the new legislation as opposed to the older one.

  • plan cul sans engagement said:

    I do not even understand how I finished up right here, but I believed this submit was great.

    I do not understand who you might be but definitely

    you are going to a well-known blogger when you

    are not already. Cheers!
    plan cul sans engagement recently posted..plan cul sans engagement

  • rencontre femmes cougar said:

    you are in point of fact a good webmaster. The web site loading speed is incredible.

    It sort of feels that you are doing any unique trick. In addition, The contents are masterwork.

    you have done a great task in this topic!
    rencontre femmes cougar recently posted..rencontre femmes cougar

  • City Leeds said:

    Hey! I just wanted to ask if you ever have any issues with hackers?

    My last blog (wordpress) was hacked and I ended up losing

    several weeks of hard work due to no backup. Do you have any solutions to

    protect against hackers?
    City Leeds recently posted..City Leeds

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.

CommentLuv badge