On January 17, 2013, the Department of Health and Human Services issued the long-awaited revisions to the HIPAA rules, making a number of changes to the current HIPAA privacy, security, breach notification and enforcement requirements. The major provisions of the new rules are briefly addressed below.
• The new rules adopt an increased, tiered civil money penalty structure for HIPAA violations provided by the HITECH Act. They also give the Office of Civil Rights discretion to impose penalties on covered entities and business associates in cases of violations due to willful neglect, instead of first attempting to resolve the matter through informal means. Penalties for HIPAA violations are significant. Specifically, penalties for violations caused by willful neglect, which are corrected, range from $10,000 to $50,000 per violation. The minimum penalty for an uncorrected HIPAA violation caused by willful neglect is $50,000 per violation. The penalties are capped at $1.5 million for all violations of an identical requirement in a calendar year.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.
Topics: Business Associates, Covered Entities, Data Protection, Electronic Medical Records, HIPAA, HIPAA Omnibus Rule, HITECH, Medical Records, Notice Requirements, Notifications, Patient Privacy Rights, PHI
Published In: Health Updates, Insurance Updates, Privacy Updates, Science, Computers & Technology Updates
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Thompson Coburn LLP | Attorney Advertising