HIPAA & HITECH Act Fines Capped at $1.5 Million

Healthcare has changed tremendously in the past few years, and the progress that’s being made seems straight from the pages of a sci-fi novel. Now individuals can produce affordable electronic health records (EHRs) for patients and health information exchanges (HIEs) to help doctors share patient data.

A network that stores large quantities of medical data shared between multiple providers creates opportunities for cyber-criminals. While HITECH provides incentives for EHR and HIE adoption, it also expands a patient’s privacy rights under HIPAA, and creates a new burden for providers to maintain compliance and healthcare data security.

For example, providers are required to notify patients any time there is a breach of “unsecured” (unencrypted) patient health information (PHI). As healthcare data makes its rapid migration into the digital realm, encryption is becoming the law of the land. Healthcare practices need their I.T. providers to stay abreast of emerging cyber threats and monitor their network for security “holes” and hacking attempts.

Hooks Systems of Wilmington offers 24 x 7 monitoring and remediation services and security assessments, which provide proof of compliance and due diligence.

Penalties for HIPAA Violations

The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology.

Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

Source: U.S. Department of Health and Human Services