The U.S. Department of Health and Human Services (HHS) issued an interim final rule with request for comments today to strengthen its enforcement of the rules promulgated under the Health Insurance Portability and Accountability Act (HIPAA). The Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009, modified the HHS Secretary's authority to impose civil money penalties for violations occurring after Feb. 18, 2009. These HITECH Act revisions significantly increase the penalty amounts the Secretary may impose for violations of
the HIPAA rules and encourage prompt corrective action.
Prior to the HITECH Act, the Secretary could not impose a penalty of more than $100 for each violation or $25,000 for all identical violations of the same provision. A covered health care provider, health plan or clearinghouse could also bar the Secretary's imposition of a civil money penalty by demonstrating that it did not know that it violated the HIPAA rules. Section 13410(d) of the HITECH Act strengthened the civil money penalty scheme by establishing tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical provision. A covered entity can no longer bar the imposition of a civil money penalty for an unknown violation unless it corrects the violation within 30 days of discovery.
The interim final rule with request for comments published today conforms the HIPAA enforcement regulations to these revisions made by the HITECH Act. It may be viewed and commented on at: www.regulations.gov. This rulemaking will become effective on Nov. 30,
2009, and HHS will consider all comments received by Dec. 29, 2009.
"The Department's implementation of these HITECH Act enforcement provisions will strengthen the HIPAA protections and rights related to an individual's health information," said Georgina Verdugo, the director of HHS Office for Civil Rights (OCR). OCR is responsible for
administering and enforcing HIPAA's privacy, security and breach notification rules.
"This strengthened penalty scheme will encourage health care providers, health plans and other health care entities required to comply with HIPAA to ensure that their compliance programs are effectively designed to prevent, detect and quickly correct violations of the HIPAA rules,"
said Verdugo. "Such heightened vigilance will give consumers greater confidence in the privacy and security of their health information and in the industry's use of health information technology."
This interim final rule with request for comments is the first of several steps HHS is taking to implement the HITECH Act's enforcement provisions. The remaining provisions, which have yet to become effective, will be addressed in the next few months in forthcoming rulemakings.
-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page
www.artsacrossgeorgia.com
Arts Across Georgia
Follow us on Twitter: @GAFrontPage
Friday, October 30, 2009
HHS Strengthens HIPAA Enforcement
Wednesday, February 18, 2009
Patients Gain Protections in Health Information Technology Law
/PRNewswire-USNewswire/ -- Patients across the United States will benefit from a new health information technology (HIT) law providing comprehensive privacy and security standards for patient records including strong, protective provisions for psychotherapy records. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the economic stimulus package, was passed by the House and Senate on February 13 and signed into law by President Obama on February 17.
The HITECH Act builds on the federal government's current efforts to encourage the development of a national interoperable, electronic health records network with the goal of providing improved patient care at lower cost. The core of the HITECH Act contains provisions to ensure records privacy and security as HIT develops. The Act will:
-- Provide for an ongoing process for setting standards to better ensure
that privacy and security are protected in the health care system
-- Incorporate Health Insurance Privacy and Accountability Act (HIPAA)
Privacy and Security Rule standards, where possible, including with
regard to psychotherapy notes and other sensitive patient information
-- Improve upon the HIPAA "minimum necessary" standard, which requires
that only the minimum amount of patient information can be disclosed
depending on the request for the information
-- Implement further restrictions on health care plan use of patient
records for administrative "health care operations" purposes
-- Allow a patient to pay privately for health care and not have his or
her records included in an electronic network
-- Implement a process to explore segmenting particularly sensitive
patient records (such as mental health records)
-- Provide a notice to the patient when privacy is breached
-- Examine technologies to help patients track how their records have
been disclosed
-- Contain new strong patient enforcement measures and strengthen
existing HIPAA enforcement measures
-- Require Health and Human Services to study expanding the HIPAA
psychotherapy notes authorization requirement to include mental health
testing data
-- Make psychologists eligible for funding provisions in the law to
implement health information technology into their practices and to
join into electronic networks in their communities
-- Preserve stronger state privacy laws and allow the continued
application of state consent provisions
-- Require a study for providing for patient consent in electronic
records systems
-- Protect the well-established psychotherapist-patient privilege
currently recognized under federal and state law, and
-- Provide for continued Congressional oversight to ensure the bill's
privacy and security standards are effective.
The HITECH Act is the most comprehensive HIT legislation introduced by Congress and represents a giant leap forward for psychologists and their patients, achieving strong patient records privacy and security protections.
-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page
