HIPAA updates: HITECH, Omnibus, Violations & Fines

Privacy Rule (compliance date 2003):

Sets limits on the use and disclosure of protected health information (PHI) in any form (paper, oral, or electronic) and grants patients certain rights over their health information, such as the right to access their records and to request amendments.

Security Rule (published 2003, compliance date 2005):

Creates national standards to protect electronic PHI (ePHI) that is created, received, used, or maintained by a covered entity. The standards are grouped into administrative, physical, and technical safeguards.

Health Information Technology for Economic and Clinical Health (HITECH) Act (2009):

Enacted as part of the American Recovery and Reinvestment Act and signed by President Barack Obama. Among other changes, it introduced the Breach Notification Rule, extended direct liability for certain HIPAA requirements to business associates, and established the tiered civil penalty structure described below.

Breach Notification Rule (2009, under HITECH):

After discovering a breach of unsecured PHI, a covered entity must notify the affected individuals without unreasonable delay and no later than 60 calendar days after discovery, normally by written letter. A breach affecting 500 or more individuals must also be reported to HHS within the same 60-day window and, when those individuals reside in a single state or jurisdiction, to prominent media outlets serving that area. Breaches affecting fewer than 500 individuals are logged and reported to HHS annually. Organizations should document the investigation and the notification decision, since the burden of proof for that decision rests on the covered entity.

The Omnibus Rule (2013):

In part, expands certain HIPAA obligations to business associates and their subcontractors, modifies the breach notification standard, expands patient rights to access and to restrict disclosure of protected health information (PHI), imposes new rules governing uses and disclosures of PHI, clarifies enforcement approaches, and addresses obligations under the Genetic Information Nondiscrimination Act of 2008 (GINA).

The Omnibus Rule requires that business associate agreements compel the business associate to “report to the covered entity any security incident of which it becomes aware, including breaches of unsecured protected health information as required…” (45 CFR 164.314(a)(2)(i)(C)). In practice this means a business associate's incident response process must include a reporting path to each covered entity it serves.

Violation tiers (civil monetary penalties):

TIER ONE

The entity did not know of the HIPAA violation and, by exercising reasonable due diligence, would not have known that HIPAA Rules had been violated.

TIER TWO

The violation was due to reasonable cause and not willful neglect: the entity knew, or by exercising reasonable due diligence should have known, of the violation.

TIER THREE

Willful neglect of HIPAA Rules, with the violation corrected within 30 days of discovery.

TIER FOUR

Willful neglect of HIPAA Rules, with no effort made to correct the violation within 30 days of discovery.

Penalty amounts per violation increase with each tier and are adjusted annually for inflation; correcting a violation quickly after discovery is therefore a direct factor in exposure.

According to the 2018 Cost of a Data Breach Study (Ponemon Institute, sponsored by IBM), healthcare had the highest per-record breach cost of any industry for the eighth year in a row: $408 per lost or stolen record, nearly three times the cross-industry average of $148.
