The HIPAA Hi-Tech Act
The Health Information Privacy Administration Act is the federal law that mandates the privacy of your personal health information. The Health Information Technology for Economic and Clinical Health Act provides increased penalties, further incentives and promotes technology to keep that information secure.-
Time Frame
-
Part of the American Recovery and Reinvestment Act of 2009, the HITECH Act became law on Feb. 17, 2009. It modified the U.S. Department of Health and Human Services Secretary's authority to impose civil money penalties for HIPAA violations that occur after Feb. 18, 2009.
Significance
-
Before the HITECH Act, the Secretary could not impose more than $100 per violation or $25,000 for all violations of the same provision. A covered health plan, health care provider or other entity could even bar the imposition of a civil money penalty by demonstrating it had no knowledge it violated HIPAA rules.
Features
-
The HITECH Act strengthened the HIPAA civil money penalty scheme. It created a tier of increasing penalties with a maximum $1.5 million for all violations of the same provision. Lack of knowledge no longer excuses a violation unless the violator corrects the problem within 30 days of discovering it.
-