WASHINGTON—The U.S. Department of Health and Human Services published an interim final rule Friday that incorporates changes to the Health Insurance Portability and Accountability Act included in federal stimulus legislation enacted earlier this year.
The interim final rule amends HIPAA's enforcement regulations to include new categories of violations and tiered civil penalties on covered entities, and revises limitations on the authority of the HHS secretary to impose civil penalties for violations.
Under the interim final rule published Friday, the following penalties for HIPAA violations will apply on or after Nov. 30:
The new penalty amounts apply to HIPAA violations occurring on or after Feb. 18.
Several other changes also were made to HIPAA as part of the American Recovery and Reinvestment Act of 2009. They include:
HHS’s regulations implementing these other changes were published earlier this year.
The Office for Civil Rights is accepting comments on the interim final rule until Dec. 29.
To access a copy of the interim final rule, go to: http://edocket.access.gpo.gov/2009/E9-26203.htm.