American Healthcare Information Security In Need of a Well Visit; $1.5 Million HIPAA Violation Penalties Accompany Government Funding For Electronic Health Records

Hidden within the American Recovery and Reinvestment Act are increased penalties for HIPAA violations and changes to how Health and Human Services will investigate violations. These changes could mean significant problems for all covered entities as defined under the HIPAA regulations. To prevent an unwelcome surprise, all covered entities should have their HIPAA IT security practices audited by a professional IT security firm.

Chicago, Illinois (PRWEB) July 24, 2009

Is there an IT Doctor in the house? That is the question that many healthcare providers large and small may soon be asking themselves. Why? "It's not for the reasons that you might think," according to Judith Buckardt, president of Konsultek, an information security firm headquartered in Chicago.

"Of course Electronic Health Records (EHR) are getting all the attention in the media. And certainly implementing an EHR system will be a major IT undertaking for any healthcare provider. But more importantly, and what is not being talked about, are the major changes to the Health Insurance Portability and Accountability Act (HIPAA) that snuck in as part of the American Recovery and Reinvestment Act of 2009 (ARRA)."

Buckardt continues, "Contained within ARRA was a significant increase in the penalties for HIPAA violations and significant changes in the administration of HIPAA."

Prior to ARRA, HIPAA was administered via a voluntary compliance approach with a maximum penalty of $25,000. This approach has changed under ARRA. The maximum annual civil penalty per violation is now $1.5 million. As of February 17th, Health and Human Services has been given the statutory duty to investigate HIPAA violations, and State attorneys general can now bring suit against both covered entities and their business associates when a HIPAA violation occurs.

Whether you are implementing an EHR system or not, Buckardt's advice to healthcare providers of all sizes is this: "Make sure your practice undergoes a thorough IT security audit from an independent 3rd party expert, especially if you will be implementing an EHR solution. The stakes are simply too high not to take this precaution."

Additional Resources
Konsultek's white paper, titled "Is There an IT Doctor in the House? Dealing With the HIPAA Security Rule and EHR Security Compliance in a Small Healthcare Practice," is available to those interested in learning more about HIPAA compliance issues and the security considerations surrounding EHR.

To request your copy of the white paper simply email or call 847.426.9355

Company Profile
Konsultek's information security team develops and implements cyber security plans that protect critical infrastructure and information. Since 1994 Konsultek has been delivering technology solutions that Connect, Protect, Inform, & Manage the information of clients from Fortune 100 corporations to local businesses.

Konsultek's United States headquarters is located just west of Chicago, Illinois in the Elgin technology corridor. Konsultek Europe, Ltd. is located in England.

For more information on the capabilities of Konsultek HIPAA IT visit http://www.Konsultek.com or call 847.426.9355

# # #

