HIPAA Final Rule: Enforcement: Four Penalty Tiers

February 21, 2013.  Today, we examine the four penalty tiers for violations of HIPAA Rules in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. We start with two definitions, the first of which, Reasonable cause, was modified in the Final Rule, and the second of…

READ MORE

HHS Strengthens HIPAA Enforcement

On Friday, October 30, 2009, HHS published in the Federal Register its Interim Final Rule that strengthens HIPAA enforcement under HITECH Act civil penalty revisions enacted as part of the American Recovery and Reinvestment Act on February 17, 2009.  “These HITECH Act revisions significantly increase the penalty amounts the Secretary [of HHS] may impose for violations of the HIPAA rules and encourage prompt corrective action,” according to the HHS press release.  The Interim Final Rule is effective as federal policy on November 30, 2009, and HHS requests comments by December 29, 2009. With the definition of ‘breach’ in the HITECH Act moving privacy and security violations under one requirement requiring…

READ MORE