
Governance and Risk

From regulatory compliance to corporate governance structure, everyone is involved


HITECH Act Means More Aggressive HIPAA Enforcement

Posted by Lora Bentley Mar 19, 2009 2:38:10 PM

Since the Health Insurance Portability and Accountability Act became law, enforcement has been a weak link. The number of covered entities that are in full compliance has been low, simply because the Department of Health and Human Services hasn't had much of an enforcement mechanism in place. But that was before the American Recovery and Reinvestment Act was signed into law last month.

 

Before ARRA, there were HIPAA audits here and there. Florida's Piedmont Hospital was used as an example in 2007, and experts warned covered entities to be prepared. Still, those subject to the law complained that the requirements weren't really clear, and they dragged their feet to comply. Now, not only will HIPAA covered entities have to sit up and take notice, but those who do business with HIPAA covered entities will have to pay attention as well.

 

In addition to the extension of HIPAA security and privacy concerns to "business associates" and the addition of federal data breach notification rules, Title XIII of ARRA (aka the HITECH Act) includes aggressive enforcement provisions. Schwabe, Williamson and Wyatt shareholder Kelly Hagan says the most significant are those that provide for enforcement incentives to the Department of Health and Human Services' Office of Civil Rights. Hagan says:

"Civil penalties collected in the future by the Office of Civil Rights (OCR) for privacy or security violations will be turned over to the agency to fund even greater enforcement efforts. If history is any guide, then OCR's current complaint-driven, compliance-oriented approach to enforcement will shift quickly to a more aggressive and punitive strategy."

Though the penalty and enforcement provisions are set to become effective on Feb. 17, 2010, Hagan notes that "exceptions swallow the rule." The article includes a helpful chart listing the effective dates for each of those exceptions. Of particular interest, perhaps, is Feb. 17, 2011, when monetary penalties will become mandatory if a violation results from "willful neglect."

Mar 20, 2009 11:25 AM Guest Mahala Fife says:

I am a Release of Health Information/HIPAA Consultant. I can tell you, from 12 years of experience in medical records, unless a professional release of information service is used, HIPAA compliance is almost nil. Medical records staff are not trained on how to handle the release of health information and the law is easily forgotten. Forcing EMR is not going to help, it makes accidental HIPAA breaches even easier to occur. I have also seen a large clinic adopt EMR first hand . . . they went from 45 employees down to 15, only because there weren't paper charts anymore. What a way to help the economy!?!?! My prediction is that this Act will barely be followed and complied with. HIPAA breaches occur on a daily basis, nobody tracks it, and who is going to enforce another act when HIPAA is barely being followed. I wish that HIM staff were more knowledgeable about HIPAA and that EMR was utilized when the healthcare provider was ready, not because the government said so. This is why I am a Consultant in this field now, I want to help and I will.
