hitech act

HITECH Act: Will Patients Cash-In On HIPAA Fines?


Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.

Will HHS Hightech Act Allow Patients to Cash-In on HIPAA Fines?

Through the Hightech Act, The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) will consider a new round of HIPAA regulation allowing patients to receive monetary compensation for their involvement in a data breach.

HHS is set to rollout as “Advance Notice of Proposed Rulemaking” in November of 2018. This is the first step in a formal process of drafting and creating a change to HIPAA regulation. This session will take comments from the general public into account to weigh in on the potential change to the regulation.

The reason for this potential change to the regulation is found in an associated piece of health care regulation. The HITECH Act, which was first passed in 2009, specifically calls upon HHS to propose a plan “under which an individual who is harmed by an act that constitutes an offense may receive a percentage of any civil monetary penalty or monetary settlement collected with respect to such offense.”

The HITECH Act sets standards for health care data in response to changes in health care technology that have emerged since HIPAA was first enacted in 1996. One such change was the implementation of the HIPAA Breach Notification Rule. The Breach Notification Rule sets protections for patient data that is involved in a breach of unsecured health care data.

This advance notice of proposed rule making takes these patient protections one step further, now giving patients a potential stake in the outcome of a HIPAA investigation. With patients more aware of their rights to their data and the potential for a payout in the event of a HIPAA investigation, the incentive for patients to report HIPAA violations could grow even more with the passage of this new regulation.

The most effective way to protect your business in the event of a HIPAA breach–regardless of whether or not this regulation passes–is to implement an effective HIPAA compliance solution in your behavioral health practice.

Basic Telehealth Legal & Ethical Rules: HIPAA, Privacy, Working Across State Lines, Malpractice Insurance

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x