
Stimulus Bill significantly modifies HIPAA regulations

March 15th, 2009 | Brian Wahoff | Posted in Data Security

Buried within the huge American Recovery and Reinvestment Act (a.k.a. the “Stimulus Bill”), in its HITECH Act provisions on health information technology, are changes to HIPAA’s Privacy and Security Rules that extend direct coverage to Business Associates. This means data security providers, contractors, and partners that handle protected health information on behalf of a covered entity can now be fined directly for information security breaches that occur on their watch, rather than answering only to the covered entity under contract. The bill also increases the penalties for some violations.

Previously, Business Associates were bound only by the written business associate agreement they signed with a covered entity; HHS could not enforce the Security Rule against them directly. Now Business Associates are subject to many of the same requirements as hospitals and medical providers. They will be required to appoint a security official, develop written policies and procedures for protecting electronic health information against leakage, and train their workforce in electronic data protection.

In addition, the bill adds breach notification requirements that HIPAA previously lacked. When a breach of unsecured protected health information occurs, the covered entity must notify every individual affected; a Business Associate that discovers a breach must notify the covered entity it serves, which then carries out the individual notifications. If current contact information is not available for the affected individuals, the entity may be required to post a substitute notice on its website or in some other broadcast medium (television, newspapers). The bill also provides for the creation of a website by the Department of Health and Human Services listing breaches that affect 500 or more individuals. One caveat worth noting for security practitioners: the notification duty attaches to unsecured data, so protected health information that is encrypted or destroyed in line with HHS guidance falls outside it. Whole-disk encryption of laptops and removable media, and verified destruction of retired drives, therefore bear directly on whether a lost or discarded device becomes a reportable breach.

Source: Stimulus Bill dramatically modifies HIPAA rules


One Response to “Stimulus Bill significantly modifies HIPAA regulations”

  1. ArtZ Says:

    I am *so* glad that I have avoided writing any software which comes anywhere near a business which is regulated by HIPAA!