HIPAA Final Rule: Enforcement–Factors for Determining Civil Money Penalties for HIPAA Violations

February 25, 2013.  Today, we examine factors considered in determining the amount of a civil money penalty for a HIPAA violation that are modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. The Department of Health and Human Services (HHS) identified “five general factors”…

READ MORE

Final Rule: Modified Definition of Breach

January 28, 2013.  Today, we want to explore the modified definition of breach in the Final HIPAA/HITECH Act Privacy, Security, Breach Notification, and Enforcement Rule published in the Federal Register on Friday, January 25, 2013. Here is the modified definition [45 CFR 164.402, Definitions, effective March 26, 2013; 78 Federal Register 5695]: Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E [HIPAA Privacy Rule] of this part [Part 164] which compromises the security or privacy of the protected health information. (1) Breach excludes: (i) Any unintentional acquisition, access, or use of protected health information by a workforce member or…

READ MORE