Got Health Data? Your Penalty Exposures for Data Breaches Just Increased

Jan 30, 2013   //   by Karen Lopez   //   Blog, Compliance and Regulation, Data, Data Breach  //  1 Comment

I’ve been blogging about health data breaches lately, but I’m not sure if there are more of them or if the reporting requirements are more strict.  I suspect the latter.

One of the things I’ve noticed is that many of the breaches seem to be of multiple exposures by the same organization, which has led to recent legislative changes to the HITECH Act.  You can see from the quote below that not only has the limit to the penalty been increased, but the penalties for repeat violators are higher. 

Given the sensitive nature of health data, I’m still thinking that we need to move more towards criminal penalties for wilful neglect and repeat violations.

In addition to redefining the scope and liabilities of business associates in the healthcare industry, the final HIPAA omnibus rule includes revisions to the penalties applied to each HIPAA violation category. While the American Recovery and Reinvestment Act of 2009 (ARRA) initially established a tiered penalty structure, it hasn’t been revised until now.

Section 160.404 refers to the amount of civil monetary penalty as administered under the HITECH (Health Information Technology for Economic and Clinical Health) Act. The original penalty structure used to be:

[Image: original penalty structure]

via HIPAA Violation Penalties Rise in Response to Data Breaches | SmartData Collective.

Do you think companies are bearing enough of the responsibility for protecting our data?  Do you as a data professional get enough support from management to ensure that data is protected?
