Expect More Fines and PHI Security Regulations in HIPAA ‘Mega-Rule’

February 4, 2013 – In The News
Medical Practice Compliance Alert

The HIPAA 'mega-rule' has finalized rules about HIPAA privacy and security breach notification, enforcement and the Genetic Information Nondiscrimination Act (GINA), which tightens the agency's stance on penalizing a breach of protected health information.

"It was not an accident that HHS announced its first settlement for a small HIPAA breach right before the rule was released. The government is watching for great and small breaches," said Michael Kline.

Elizabeth Litten said OCR can now look at additional factors when determining the amount of civil monetary penalty to impose, such as reputational harm to a patient and past history of an entity's noncompliance. "So it's a bigger stick," she said.