HIMSS 2011 is going on this week.
What better place for the HHS to announce tighter security requirements and bigger violation penalties?
According to an OCR advisor, the HHS will release the final HITECH security, privacy and breach notification rules in 2011 all at one time rather than in a staggered release…this is intended to simplify compliance.
Some interesting items to mull over:
- Initial breach penalties will be increased to $50,000 per violation, with a maximum amount of $1.5 million in a year…
- Also noted was that these penalties could be huge, as most breaches contain multiple violations…
- Business associates can be held directly liable for violations (get that Associate’s Agreement signed!)
- All ePHI, treatment, payment and health care operations info breaches must be tracked and disclosed
- Some EHR specific items (expect these to be future Meaningful Use requirements):
  - If a patient asks for their treatment info and it is not readily available in the format they desire, the default will be to give them direct electronic access to that information (this is going to create some headaches)…
  - If a patient wants to restrict how data is shared between health entities, then EHRs need to be able to handle this.
What is a medical practice to do?
Come up with a solid plan toward full and complete HIPAA compliance, then follow this plan…all the way through.
Interestingly, we have a complete plan to get you there; we call it our HIPAA Triad, the shortcut to HIPAA Compliance.
To learn more about our HIPAA compliance process either sign up on our mailing list (to the left) or click the Call Me button on the left.