Will HHS Hightech Act Allow Patients to Cash-In on HIPAA Fines?
Through the Hightech Act, The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) will consider a new round of HIPAA regulation allowing patients to receive monetary compensation for their involvement in a data breach.
HHS is set to rollout as “Advance Notice of Proposed Rulemaking” in November of 2018. This is the first step in a formal process of drafting and creating a change to HIPAA regulation. This session will take comments from the general public into account to weigh in on the potential change to the regulation.
The reason for this potential change to the regulation is found in an associated piece of health care regulation. The HITECH Act, which was first passed in 2009, specifically calls upon HHS to propose a plan “under which an individual who is harmed by an act that constitutes an offense may receive a percentage of any civil monetary penalty or monetary settlement collected with respect to such offense.”
The HITECH Act sets standards for health care data in response to changes in health care technology that have emerged since HIPAA was first enacted in 1996. One such change was the implementation of the HIPAA Breach Notification Rule. The Breach Notification Rule sets protections for patient data that is involved in a breach of unsecured health care data.
This advance notice of proposed rule making takes these patient protections one step further, now giving patients a potential stake in the outcome of a HIPAA investigation. With patients more aware of their rights to their data and the potential for a payout in the event of a HIPAA investigation, the incentive for patients to report HIPAA violations could grow even more with the passage of this new regulation.
The most effective way to protect your business in the event of a HIPAA breach–regardless of whether or not this regulation passes–is to implement an effective HIPAA compliance solution in your behavioral health practice.