HHS publishes interim final HIPAA rule

WASHINGTON—The U.S. Department of Health and Human Services published an interim final rule Friday that incorporates changes to the Health Insurance Portability and Accountability Act included in federal stimulus legislation enacted earlier this year.

The interim final rule amends HIPAA's enforcement regulations to include new categories of violations and tiered civil penalties on covered entities, and revises limitations on the authority of the HHS secretary to impose civil penalties for violations.

Under the interim final rule published Friday, the following penalties for HIPAA violations will apply on or after Nov. 30:

The minimum civil penalty is $100 per violation if the covered entity was unaware of it and, by exercising reasonable diligence, would not have known about the violation.

The minimum civil penalty is $1,000 per violation for those that were the result of “reasonable cause” involving circumstances that would make it unreasonable for the covered entity to comply.

The minimum penalty is $10,000 for violations that result from willful neglect and are subsequently corrected.

The minimum penalty is $50,000 for violations that result from willful neglect but are not corrected.

The maximum penalty for multiple violations is $1.5 million per calendar year.

The new penalty amounts apply to HIPAA violations occurring on or after Feb. 18.

Several other changes also were made to HIPAA as part of the American Recovery and Reinvestment Act of 2009. They include:

Notification within 60 days of a privacy breach involving an individual’s HIPAA-covered personal health information.

Business associates, such as consultants and third-party administrators, must meet most security requirements that previously applied only to covered entities.

Notification of the Department of HHS and the media in privacy breaches involving 500 or more individuals.

Authorization of state attorneys general to bring suit for HIPAA violations.

HHS’s regulations implementing these other changes were published earlier this year.

The Office for Civil Rights is accepting comments on the interim final rule until Dec. 29.

To access a copy of the interim final rule, go to: http://edocket.access.gpo.gov/2009/E9-26203.htm.

Risk Management

In Risk Management you'll also find:

Specialty Risks

In Specialty Risks you'll also find:

Workers Comp

In Workers Comp you'll also find:

Mid-Market Executive

In Mid-Market Executive you'll also find:

Brokers & Insurers

In Brokers & Insurers you'll also find:

Benefits Management

In Benefits Management you'll also find:

Joanne Wojcik

HHS publishes interim final HIPAA rule

Comments

You may also want to visit

Sign Up For Channel Newsletters

UPCOMING EVENTS

Risk Management Summit

February 29, 2012 | New York

Risk Manager of the Year®

April 17, 2012 | Philadelphia, PA

View All Business Insurance Awards & Events >

LISTS & RESEARCH

Telecommuting Risks

Published December 2011

Directory of Employee Assistance Program Providers

Published December 2011

View All Business Insurance Lists & Research >

Current Issue

About

Advertise

Reader Services

Media

Resources

Insights Today
for the Risks of Tomorrow

In Risk Management you'll also find:

In Specialty Risks you'll also find:

In Workers Comp you'll also find:

In Mid-Market Executive you'll also find:

In Brokers & Insurers you'll also find:

In Benefits Management you'll also find:

HHS publishes interim final HIPAA rule

Comments

You may also want to visit

Sign Up For Channel Newsletters

UPCOMING EVENTS

February 29, 2012 | New York

April 17, 2012 | Philadelphia, PA

LISTS & RESEARCH

Published December 2011

Published December 2011

Current Issue

About

Advertise

Reader Services

Media

Resources

Insights Today for the Risks of Tomorrow

Insights Today
for the Risks of Tomorrow