New HIPAA/HITECH Act breach notification rules go into effect February 2010. If patient information that you store is improperly accessed or is breached, the penalties are now substantial:
DID YOU KNOW?
- You notify individuals of the breach. If LESS THAN 500 records are lost you must keep a log of the breach and submit it to the Department of Health and Human Services (HHS). If MORE THAN 500 records are lost you must notify HHS within 60 days, notify major media outlets, and set up a hotline.
- Financial penalties can now be as high as $1.5 million.
- HHS is now required to perform audits of covered entities to ensure HIPAA compliance.
- HHS Office of Civil Rights (OCR) can refer certain breach cases to the US Department of Justice.
- State Attorneys General are now authorized to bring civil actions in federal district courts.
A safe harbor from breach notification exists. Protected health information (PHI) that is secured using data encryption falls under the safe harbor from breach notification. You can protect your organization by implementing data encryption technology.
Talk to us about how to protect your patient information by using data encryption!
Legal disclaimer: The information contained herein should not be considered legal advice. Instead it is a summary of laws and rules. Refer to your attorney to determine how these laws and rules can apply to your organization.