HIPAA
Health Insurance Portability and Accountability Act (HIPAA) of 1996
Established by the Department of Health and Human Services (HHS) to provide national standards for:
- Electronic health care transactions
- National identifiers for providers, health plans, and employers
HIPAA
HIPAA established standards for certain electronic health care transactions, including claims, enrollment, eligibility, payment, and coordination of benefits. These standards also mandate that organizations address the security of electronic health care information systems (CMS, 2010).
HITECH Act
The Health Information Technology for Economic and Clinical Health (HITECH) Act
- Modernizes existing HIPAA standards for health care privacy and security measures
- Enhances HIPAA provisions in response to the increased incidence of violations and security breaches of health information
HIPAA Breach Notification Rule
- Applies to the unauthorized acquisition, access, use, or disclosure of unsecured patient health data and information as a result of a security breach (AMA, 2010)
- This Rule does not replace existing HIPAA privacy regulations that permit providers to exchange or collect patient information within certain limits of their practice
Data Breach Defined
A breach, per the AMA (2010), can be defined as:
The acquisition, access, use, or disclosure of unsecured patient health information which is not permitted by the HIPAA Privacy Rules and which compromises the security or privacy of that information
Legal Action
HHS can impose fines for noncompliance as high as $100 per offense, with a maximum of $25,000 per year, on any person who violates a provision of the HIPAA rule.
Under "Wrongful Disclosure of Individually Identifiable Health Information," Section 1177 states that a person who knowingly:
- uses or causes to be used a unique health identifier,
- obtains individually identifiable health information relating to an individual, or
- discloses individually identifiable health information to another person
Corporate Author. (2011). HIPAA Violations: HIPAA Fines and HIPAA Penalties for Non-Compliance. Retrieved 21 AUG 2011, from http://www.training-hipaa.net/hipaa_resources/Violation_Penalties.htm
Legal Action (continued)
- shall be fined not more than $50,000, imprisoned not more than 1 year, or both;
- if the offense is committed under false pretenses, shall be fined not more than $100,000, imprisoned not more than 5 years, or both; and
- if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, shall be fined not more than $250,000, imprisoned not more than 10 years, or both.
(Corporate Author, 2011)
References
AMA. (2010). What You Need to Know About the New HIPAA Breach Notification Rule. Retrieved 21 AUG 2011, from http://www.ama-assn.org/ama1/pub/upload/mm/368/hipaa-breach.pdf
Corporate Author. (2011). HIPAA Violations: HIPAA Fines and HIPAA Penalties for Non-Compliance. Retrieved 21 AUG 2011, from http://www.training-hipaa.net/hipaa_resources/Violation_Penalties.htm
CMS. (2010). CMS Information Security (IS) Virtual Handbook. Retrieved 21 AUG 2011, from http://www.cms.gov/informationsecurity/01_overview.asp
Rinehart-Thompson, L. (2009). Redefining the Health Information Management Privacy and Security Role. Retrieved 21 AUG 2011, from http://perspectives.ahima.org/index.php?option=com_content&view=article&id=146:redefining-the-health-information-management-privacy-and-security-role&catid=47:privacy-and-security&Itemid=91