Violations of HHS’ New Patient Privacy Rule Could Cost $1.5M
The U.S. Department of Health and Human Services (HHS) released a new rule Thursday to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
“Much has changed in health care since HIPAA was enacted over 15 years ago,” HHS Secretary Kathleen Sebelius said in a press release. “The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”
Called the “omnibus” privacy and security rule because of its broad reach, it’s based on statutory changes under the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009. The rule explains when braches of information must be reported to the Office for Civil Rights, sets new rules on the use of patient-identifiable information for marketing and fundraising, and expands direct liability under the law to the so-called “business associates” of hospitals and physicians and other “HIPAA-covered entities.” Those associates might include a provider’s healthcare data-miners and health information technology service providers, according to Modern Healthcare.
It also increases penalties for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.
“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” HHS Office for Civil Rights Director Leon Rodriguez said. “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”
Official publication of the new 563-page rule in the Federal Register is scheduled Jan. 25. Its effective date is March 26 with a compliance date 180 days later, or Sept. 21, 2013
If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!