HIPAA and HITECH Requirements

As of February 18, 2011, the HHS implemented the requirement to impose civil monetary penalties in cases of “willful neglect”; applies to violations discovered on or after. The term “willful neglect” is not clearly defined and will be determined by HHS on a case-by-case basis. Depending on how tight your security is, you could be at substantial risk. Penalties and fines for first-time offenders not in compliance could be as much as $250k and, for repeat offenders, as much as $1.5M.

Are you comfortable with where you are on HIPAA and HITECH compliance? We are sure you are, but recently we’ve run into several organizations that “never got around to” addressing this issue thoroughly, even though the date for compliance has passed and auditing could occur.
 
If you are not, or know someone who isn’t, we have developed a HITECH Survival Guide to help address any concerns regarding compliance. In addition to the compliance consultation, we provide the tools necessary to help you take proper action should a breach occur.
 
The HITECH Act required HIPAA-covered entities to notify the Secretary of Health and Human Services and the affected individuals when their protected information has been compromised.  Notice must be given to the individuals whose data is affected “without unreasonable delay” and no later than 60 days after the breach occurs.  Similarly, business associates that experience a breach are required to notify the covered entities with which they have contracted, and the covered entities will then notify the affected individuals.  If the breach involves 500 people or more, the covered entity will also be required to notify major media outlets.
 
Please contact Megan Erway at merway@banyan-llc.com to discuss further or visit us at www.banyan-llc.com for more information about us.