On October 30th the US Department of Health & Human Services issued a interim final rule to strengthen the enforcement of the Health Insurance Portability and Accountability Act (HIPAA). This was necessary due to the The Health Information Technology for Economic and Clinical Health (HITECH) Act, which modified the HHS Secretary’s authority to impose civil money penalties for violations of the HIPAA act occurring after Feb. 18, 2009. These HITECH Act revisions significantly increase the penalty amounts the Secretary may impose for violations of the HIPAA rules and encourage prompt corrective action.
Prior to the HITECH Act, HHS could not impose penalties of more than $100 for each violation or $25,000 for all identical violations. A covered health care provider, health plan or clearinghouse could also bar the Secretary’s imposition of a civil money penalty by demonstrating that it did not know that it violated the HIPAA rules. Section 13410(d) of the HITECH Act strengthened the civil money penalty scheme by establishing tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical provision. A covered entity can no longer bar the imposition of a civil money penalty for an unknown violation unless it corrects the violation within 30 days of discovery.
Do you have checks in place that ensure you are in compliance? It is common practice and required by NIST SP 800-66 to actually have regular checks in place.
Contact us, we can help: contact@1ssa.net
Read more:
HHS announcement
1SSA - Security Consulting, Training and Products
skip to main |
skip to sidebar
Solutions that protect your assets and people in a changing world
The latest news around Information Security from various sources.
Solutions that protect your assets and people in a changing world
Who is reading
Search This Blog
Security News Digest
Posts
Subscribe Email
Digg & Twitter
 |
Disclaimer
Links to third party Web sites on this Site are provided solely as a convenience to you. If you use these links, you will leave this Site. 1SSA has not reviewed all of these third party sites and does not control and is not responsible for any of these sites or their content. Thus, 1SSA does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to this Site, you do this entirely at your own risk.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.