This article was featured as part of the Quality Care Courier from Research & Marketing Strategies (RMS).
If knowledge, including patient data, is power, then the U.S. Department of Health & Human Services sent a message to providers and other organizations charged with handling and protecting that data when it published the HIPAA omnibus final rule: With great power comes great responsibility.
Among the more notable changes to the rule is a new tiered penalty structure for covered entities that violate the law. It increases fines to as much as $50,000 for “willful neglect” of information without correction and $1.5 million for multiple violations of identical provisions. According to officials, Congress was very clear that it expects the law to be enforced more aggressively, and it has dramatically increased the ability of HHS to impose monetary penalties.
Monetary penalties aside, four areas of the rule that will have a significant impact on providers are:
- A change that makes business associates and their subcontractors liable for breaches of personal health information;
- An enhanced right for patients to obtain electronic copies of their records;
- An enhanced right for individuals to request restrictions regarding disclosure of their PHI; and
- A change to the breach notification rule in which any disclosure of PHI is presumed to be a breach.
RMS Healthcare can provide consultation and training services to ensure HIPAA security compliance within your organization. If you would like to learn more about HIPAA provisions or further discuss how RMS Healthcare can help you, contact our Director of RMS Healthcare, Susan Maxsween, at SusanM@RMSresults.com or by calling (315) 635-9802.