New HIPAA Provisions Take Effect
Wednesday, 17. February 2010
Today marks the start date for many of the new HIPAA rules that were promulgated as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. The revised rules include a new public/media relations component, updated restrictions and provisions for accounting and disclosures of protected health information (PHI), and increased civil and criminal penalties for violators.
HIPAA previously applied only to covered entities (i.e., health care providers, health insurance companies and clearinghouses). One of the biggest changes under the HITECH rules is that business associates, the third-party service providers that handle PHI of covered entities, must now comply directly with HIPAA and will be held liable for security breaches of patient files or information stored in their systems.
In general, the revisions give HIPAA “sharper teeth,” with stiffer penalties for violators and mandatory audits by the Department of Health and Human Services (HHS). Penalties now range from $100 to $50,000 per violation, with a maximum in any one year ranging from $25,000 to $1.5 million. The new law requires HHS to investigate complaints, impose penalties for willful neglect and conduct periodic audits of both covered entities and business associates to ensure they are in compliance with the rules.
For more tips on how your practice or company can remain in compliance, review Nuesoft’s HIPAA fact sheet, and tune in on March 1 to our HIPAA podcast. Visit the Nuesoft Web site for details.