If you haven’t been paying much attention to HIPAA compliance lately, here are some good reasons to start.
The Health Insurance Portability and Accountability Act (HIPAA) has been around for a while, but now more than ever you need to make sure your practice keeps patients' protected health information (PHI) private and secure.
Eye opener: HITECH, part of the ARRA stimulus bill passed last year, raises the fines providers must pay if they are responsible for a PHI breach and fail to notify the people affected. HITECH also lets state attorneys general bring civil actions under the federal HIPAA law on their own, and the Attorney General in Connecticut is already trying his hand at enforcing HIPAA's penalty provisions for security violations.
This past month, AG Richard Blumenthal sued Health Net, a health plan, over a breach of private patient medical records and financial information involving 446,000 of its enrollees. To make matters worse, Blumenthal alleges, Health Net did not notify enrollees until six months after a portable disk drive containing their PHI was stolen from the plan's corporate office. The data on the drive was unencrypted and included sensitive information such as Social Security numbers and bank account numbers. Had the drive been encrypted, the loss would have been a hardware theft rather than a breach of 446,000 records.
Big money: If the case goes to court and Health Net is found liable, the headline exposure is $22.3 billion, which is simply 446,000 records multiplied by the $50,000-per-violation top tier in HITECH's stricter civil monetary penalty (CMP) rules. In practice the number is far lower: HITECH caps CMPs for violations of an identical provision at $1.5 million per calendar year, and a state attorney general's action is limited to $100 per violation with a $25,000 annual cap for identical violations. Health Net admits no wrongdoing and has given two years of free credit monitoring to the enrollees affected by the breach.
HITECH gives HIPAA a lot of new heft. Learn how to comply here.
Related articles:
- ARRA Sharpens HIPAA's Teeth: Surprise! The stimulus package gave us new HIPAA requirements that…
- Boost HIT Security with This HIPAA Checklist: The scenario: A patient in your financial planner's office…
- Keep PHI Out of Medical Staff E-Mails With This Simple List: Give your staff this tool to de-identify health information…