Health Information Compliance Alert
New Interim Rule on HIPAA Penalties Released by HHS
PDF
Watch Out: Maximum monetary penalty for HIPAA violations just increased by 6,000 percent. If you were confused by enforcement of the old HIPAA penalty rules, the new ones are only a little clearer " and have much sharper teeth. On Oct. 30, 2009, HHS issued an interim final rule with request for comments under the HITECH Act revisions. The HITECH statute requires HHS to develop new penalties for violations of health care security and privacy that occur after Feb. 18, 2009. The rulemaking takes effect on Nov. 30, 2009, according to HHS, which will consider comments until Dec. 29, 2009. Under the proposed new rule, violations would be subject to penalty ranges that correspond to what the violator knew or didn't know: If he did not know about the violation, he'd be subject to a penalty of $100 to $50,000 per violation; if a violation was "due to reasonable cause," $1,000 to $50,000 per violation. If willful neglect occurred but the violation was corrected, the range is $10,000 to $50,000 per violation, and if it was not corrected, the minimum penalty is $50,000 per violation. Penalties are subject to an overall cap of $1.5 million for all violations of an identical provision in a year. That's almost a 6,000% increase in the maximum penalty an organization or provider can pay for a HIPAA violation. Prior to the HITECH Act, the HHS Office for Civil Rights, which is responsible for administering and enforcing HIPAA's privacy, security and breach notification rules, could not impose a penalty of ore than $100 for each violation or $25,000 for all identical violations of the same provision. A covered health care provider, health plan or clearinghouse could also bar the Secretary's imposition of a CMP by demonstrating that it did not know that it violated the HIPAA rules. But HITECH narrowed the defenses that health organizations and providers can turn to after a violation: "A covered entity can no longer bar the imposition of a civil money penalty for an unknown violation unless it corrects the violation within 30 days of discovery," said HHS in a news release about the proposed rule. (Editor's note: Read HHS's news release at: http://www.hhs.gov/news/press/2009pres/10/20091030a.html. Details ofthe new interim rule can be read at: http://www.regulations.gov/search/Regs/home.html#documentDetail?R=0900006480a4e565.)
Health Information Compliance Alert
- COMPLIANCE STRATEGIES:
Top 3 Reasons to Keep Your Patients' PHI on U.S. Soil
Is offshoring an option for you? Here's how to find out. Your first question when [...] - Security Strategies:
You Be The Security Expert: How Do You Handle An Onsite Privacy Rule Investigation?
Question: We're adding to our privacy compliance handbook a section on how to respond to [...] - Privacy:
Don't Rely On Aliases to Protect Your Patients' PHI
You can protect your patients' information without changing their names. Picture it: Brad Pitt is [...] - Compliance Strategies:
6 Tips For Streamlining Your Accounting
Use this advice to ensure compliance during PHI leaks. If you can't recognize an incidental [...] - Reader Questions:
Don't Throw Out Those Training Records
Question: Does the privacy rule mandate that we keep our training documentation, like sign-in sheets [...] - Reader Questions:
Spouse Gets Special Privileges Under HIPAA
Question: How does The Health Insurance Portability and Accountability Act (HIPAA) affect married couples? Does [...] - Privacy Compliance:
Defuse Patient Complaints With These Protocols
Putting a complaint on the backburner can land you in hot water with the feds. [...] - Clip 'N' Save Tool:
Help Staffers Combat Common Security Violations
Here are 10 security incident warning signs. Would you bank on your staff's ability to [...] - Sample Worksheet:
Zero In On Your Compliance Plan's Holes With This Tool
Staff members' input is vital to your self-evaluation's success. Your personnel play a huge role [...] - Industry News:
New Interim Rule on HIPAA Penalties Released by HHS
Watch Out: Maximum monetary penalty for HIPAA violations just increased by 6,000 percent. If you [...]