On January 17, 2013, the Department of Health and Human Services issued the long-awaited revisions to the HIPAA rules, making a number of changes to the current HIPAA privacy, security, breach notification and enforcement requirements. The major provisions of the new rules are briefly addressed below.

• The new rules adopt an increased, tiered civil money penalty structure for HIPAA violations provided by the HITECH Act. They also give the Office of Civil Rights discretion to impose penalties on covered entities and business associates in cases of violations due to willful neglect, instead of first attempting to resolve the matter through informal means. Penalties for HIPAA violations are significant. Specifically, penalties for violations caused by willful neglect, which are corrected, range from $10,000 to $50,000 per violation. The minimum penalty for an uncorrected HIPAA violation caused by willful neglect is $50,000 per violation. The penalties are capped at $1.5 million for all violations of an identical requirement in a calendar year.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.