Published on November 4, 2009 at 12:04 AM
Information Week reports that the Department of Health and Human Services has issued a rule to "beef up penalties for violations of the Health Insurance Portability and Accounting Act (HIPAA)." But the rule has generated complaints from a bipartisan group of congressmen, who argue it leaves loopholes and doesn't properly determine when privacy has been breached.
"The new rules significantly increase penalty amounts that the U.S. Department of Health and Human Services can impose for HIPAA violations of patient privacy, according to a statement from HHS. The new rules reflect requirements enacted in the Health Information Technology for Economic and Clinical Health (HITECH) sections of the American Recovery and Reinvestment Act (ARRA) of 2009. ... The HITECH act increases civil financial penalties by establishing tiered ranges of increasing minimum penalties, with a maximum $1.5 million for all violations of identical provisions" (Wagner, 11/2).