HITECH Regulation Changes En Route
HEALTHCARE PRIVACY—U.S.February 23, 2011
Financial penalties for single privacy and security violations will be increased to $50,000 per violation with a maximum fine of $1.5 million under final HITECH privacy, security and breach notification rules, Health Data Management reports. Adam Green, senior health IT and privacy advisor at the HHS Office for Civil Rights (OCR) says changes to the current rules will be made under the OCR's authority, will arrive in 2011 and "need to be revised to reflect the more widespread use of electronic data and electronic health records." Besides steeper fines, key changes the OCR aims to implement include direct liability for business associates and subcontractors and restrictions on the use of patient data for marketing and fundraising, the report states.