On February 17, 2009, The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law. The official title is Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act.

The goal of the provision was to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules. This provision is important to the entire health care industry, including covered entities, business associates of covered entities, contractors tied directly to the covered entities and its business partners.

A Key component of the HITECH Act, Section 13410(d), which became effective on February 18, 2009, revised section 1176(a) of the Social Security Act (the Act) by establishing:

It also amended section 1176(b) of the Act by:

The Breach Notification Standard

The Office of Civil Rights (OCR) investigates HIPAA violations and can charge $100 – 50,000 per violation. That gets capped at $1.5 million for multiple violations. The charges are harsh to help ensure that data is safe and companies are following the HIPAA rules.

Sonte Consulting can significantly reduce your organizations exposure to punitive damages due to HIPAA/HITECH violations.