Is your organization HIPAA healthy? New regulations go into effect

What’s new and different with HIPAA?

On August 19, 2009, the U.S. Department of Health and Human Services (HHS) issued new data breach notification regulations for healthcare providers, health plans and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA), and for the business associates that handle protected health information on their behalf.

These tougher regulations impose stiffer penalties and are designed to strengthen HIPAA. They implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA) signed by President Obama.

The new data breach notification regulations go into effect on September 23, 2009.

Who needs to be notified when a data breach occurs?

Notification requirements apply to breaches of unsecured protected health information, meaning information that has not been rendered unusable, unreadable or indecipherable to unauthorized persons (for example, by encryption). Who must be told depends on how many people are affected:

  • 500 or more people – A breach affecting 500 or more people must be reported, without unreasonable delay and no later than 60 days after discovery, to:
    • HHS
    • Major media outlets serving the state or jurisdiction where 500 or more of the affected people reside
    • Individuals affected by the breach

  • Fewer than 500 people – A breach affecting fewer than 500 people must be reported to:
    • The HHS secretary on an annual basis (a log of the year's breaches submitted after the end of the calendar year)
    • Individuals affected by the breach

In addition, a business associate that discovers a breach must notify the covered entity it works for, and must identify the individuals whose information was involved. The covered entity, not the business associate, is then responsible for notifying those individuals.

Organizations that have an effective data protection policy in place and encrypt protected health information so that it is unusable, unreadable or indecipherable to unauthorized individuals are exempt from these notification requirements, because the information is no longer "unsecured." The exemption holds only if the encryption meets the HHS guidance on securing protected health information and the decryption key was not itself exposed in the breach.

What are the financial repercussions of a breach?

The fines for data breaches have increased significantly with the latest HIPAA update. Civil penalties are now tiered by the level of culpability, and an organization can be fined up to $1,500,000 per calendar year for all violations of an identical provision.

In addition, HITECH directs HHS to establish a method by which individuals harmed by a HIPAA violation can receive a percentage of any civil monetary penalty or monetary settlement collected. This financial provision may be enough of an incentive for organizations to comply with HIPAA.

Beyond fines, an organization that suffers a data breach will incur the cost of notifying the people affected. Once emails, first-class mailings, toll-free numbers, media outreach, staff time and more are tabulated, a breach can quickly turn into an avoidable multimillion-dollar issue.

This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including security software, encryption software, antivirus and anti-malware protection.

Article Source:http://www.articlesbase.com/security-articles/is-your-organization-hipaa-healthynew-regulations-go-into-effect-1565798.html