American Healthcare Information Security In Need of a Well Visit; $1.5 Million HIPAA Violation Penalties Accompany Government Funding For Electronic Health Records

Hidden within the American Recovery and Reinvestment Act are increased penalties for HIPAA violations and changes to how Health and Human Services will investigate violations. These changes could mean significant problems for all covered entities as defined under the HIPAA regulations. To prevent an unwelcome surprise, all covered entities should have their HIPAA IT security practices audited by a professional IT security firm.

Is there an IT Doctor in the house? That is the question that many healthcare providers large and small may soon be asking themselves. Why? "It's not for the reasons that you might think," according to Judith Buckardt, president of Konsultek, an information security firm headquartered in Chicago.

"Of course Electronic Health Records (EHR) are getting all the attention in the media. And certainly implementing an EHR system will be a major IT undertaking for any healthcare provider. But more importantly, and what is not being talked about, are the major changes to the Health Insurance Portability and Accountability Act (HIPAA) that snuck in as part of the American Recovery and Reinvestment Act of 2009 (ARRA)."

Buckardt continues, "Contained within ARRA was a significant increase in the penalties for HIPAA violations and significant changes in the administration of HIPAA."

Prior to ARRA, HIPAA was administered via a voluntary compliance approach with a maximum penalty of $25,000. This approach has changed under ARRA. The maximum annual civil penalty per violation is now $1.5 million. As of February 17th, Health and Human Services has been given the statutory duty to investigate HIPAA violations, and State attorneys general can now bring suit against both covered entities and their business associates when a HIPAA violation occurs.

Whether you are implementing an EHR system or not, Buckardt's advice to healthcare providers of all sizes is this: "Make sure your practice undergoes a thorough IT security audit from an independent 3rd party expert, especially if you will be implementing an EHR solution. The stakes are simply too high not to take this precaution."

Additional Resources
Konsultek's white paper titled "Is There an IT Doctor in the House? Dealing With the HIPAA Security Rule and EHR Security Compliance in a Small Healthcare Practice" is available to those interested in learning more about HIPAA compliance issues and the security considerations surrounding EHR.

To request your copy of the white paper simply email or call 847.426.9355

Company Profile
Konsultek's information security team develops and implements cyber security plans that protect critical infrastructure and information. Since 1994 Konsultek has been delivering technology solutions that Connect, Protect, Inform, & Manage the information of clients from Fortune 100 corporations to local businesses.

Konsultek's United States headquarters is located just west of Chicago, Illinois in the Elgin technology corridor. Konsultek Europe, Ltd. is located in England.

For more information on the capabilities of Konsultek HIPAA IT visit or call 847.426.9355

# # #

Contact Author

Judith Buckardt