While healthcare providers and their associates--which include third-party administrators, claims processors, attorneys, accountants and software providers--have been required since September 2009 to report breaches of 500 medical records or more if the records include non-encrypted data, some states have been enacting tougher laws. Now, it looks as though the federal government will be upping fines--in some cases up to $1.5 million--related to the leak of personal information, as well.
Beginning in mid-February, penalty ranges will correspond to what the violator did or did not know. Willful neglect, for example, will cost between $10,000 and $50,000 per violation. There are several other categories of neglect and knowledge.
Of late, there have been a number of large, publicized breaches, including 15,000 compromised records of Kaiser Permanente patients [1] and 450,000 compromised records of Health Net of Connecticut patients [2].
To learn more:
- read this San Francisco Business Times article [3]
- here is a breakdown of all the rules that will go into effect [4] next month
Links:
[1] http://www.fiercehealthcare.com/story/records-15-500-kaiser-patients-compromised/2010-01-14?utm_medium=rss&utm_source=rss&cmp-id=OTC-RSS-FH0
[2] http://www.fiercehealthcare.com/story/loss-info-insurance-enrollees-leads-historic-lawsuit/2010-01-14
[3] http://www.bizjournals.com/sanfrancisco/stories/2010/01/25/story14.html?b=1264395600%5E2770461&s=industry&i=health_care
[4] http://www.aaoms.org/docs/practice_mgmt/hippa_vs_hitech.pdf