While healthcare providers and their associates--which include third-party administrators, claims processors, attorneys, accountants and software providers--have been required since September 2009 to report breaches of 500 medical records or more if the records include non-encrypted data, some states have been enacting tougher laws. Now, it looks as though the federal government will also be upping fines related to the leak of personal information, in some cases up to $1.5 million.
Beginning in mid-February, penalty ranges will correspond to what the violator did or did not know. Willful neglect, for example, will cost between $10,000 and $50,000 per violation. There are several other categories of neglect and knowledge.
Of late, there have been a number of large, publicized breaches, including 15,000 compromised records of Kaiser Permanente patients and 450,000 compromised records of Health Net of Connecticut patients.