Will HHS Allow Patients to Cash-In on HIPAA Fines?
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) will consider a new round of HIPAA regulation allowing patients to receive monetary compensation for their involvement in a data breach.
HHS is set to roll out an “Advance Notice of Proposed Rulemaking” in November of 2018. This is the first step in a formal process of drafting and creating a change to HIPAA regulation. This session will take comments from the general public into account to weigh in on the potential change to the regulation.
The reason for this potential change to the regulation is found in an associated piece of health care regulation. The HITECH Act, which was first passed in 2009, specifically calls upon HHS to propose a plan “under which an individual who is harmed by an act that constitutes an offense may receive a percentage of any civil monetary penalty or monetary settlement collected with respect to such offense.”
The HITECH Act sets standards for health care data in response to changes in health care technology that have emerged since HIPAA was first enacted in 1996. One such change was the implementation of the HIPAA Breach Notification Rule. The Breach Notification Rule sets protections for patient data that is involved in a breach of unsecured health care data.
This advance notice of proposed rulemaking takes these patient protections one step further, now giving patients a potential stake in the outcome of a HIPAA investigation. With patients more aware of their rights to their data and the potential for a payout in the event of a HIPAA investigation, the incentive for patients to report HIPAA violations could grow even more with the passage of this new regulation.
The most effective way to protect your business in the event of a HIPAA breach–regardless of whether or not this regulation passes–is to implement an effective HIPAA compliance solution in your behavioral health practice.
If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure. Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors is their opinion and is not intended to malign any organization, company or individuals.