HIPAA and HITECH Act: The Stakes Have Gotten Higher for Group Health Plans


Health plan sponsors have long been aware of the HIPAA privacy and security rules that apply to their employees’ protected health information (PHI). More recently, the HITECH Act added several new obligations, including breach notification requirements. These changes have made HIPAA compliance a much higher-stakes proposition. The HITECH Act empowers state attorneys general to bring enforcement actions for HIPAA violations, directs HHS to conduct HIPAA compliance audits, and increases penalties for HIPAA noncompliance from an annual per-provision maximum of $25,000 to $1.5 million. HHS and state attorneys general are taking their new enforcement role seriously, the former having announced it will conduct an audit of every entity reporting a breach that affects more than 500 people, and the latter having already pursued at least one enforcement action. With the compliance stakes raised so substantially, let’s consider some of the more pressing requirements and what you can do about them.

Develop a written breach response procedure.

The new breach notification rule requires both a written response procedure and employee training. The procedure should take into account how you will provide required notifications to affected individuals, HHS and, in some cases, the media. Ideally, it will also account for any existing state breach notification laws that apply.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Poyner Spruill LLP | Attorney Advertising
