Feds up the ante for securing medical docs
December 22, 2009 by Sam Narisi
Any company that handles medical or health insurance info about employees should pay attention to some new federal regs.
The Health Information Technology for Clinical and Economic Health (HITECH) Act significantly increases the penalties the Department of Health and Human Services (HHS) can levy against employers and health care providers.
Before the HITECH Act, businesses faced a maximum fine of $100 for a single violation and $25,000 for all identical violations of the same provision. Now, the rules spell out a series of tiered minimum fines for individual claims, and a $1.5 million maximum when a group of employees is affected.
Increased notification duty
In addition to the uptick in fines, companies were also handed more responsibility in reporting breaches of health information. After discovering a security breach, companies will have to notify affected individuals, the HHS and, in some cases, “prominent media outlets.” Notice must be provided as soon as possible, no more than 60 days after the discovery.
What constitutes a breach? To trigger the notification requirements, the information leak must involve “personal health information” that’s lost or stolen and readable by whoever ends up with it (i.e. the data’s not encrypted).
The reporting rules go into effect on Feb. 22.
