Hemorrhaging $$$

2010 saw a rash of general data privacy regulations go into effect on both the state and national levels. It appears 2011 will be the year that vertical industries such as healthcare tighten requirements and impose heavier consequences. Health Data Management News reports:

Adam Greene, senior health IT and privacy advisor in the OCR, outlined a slew of changes to existing regulations. The final HITECH privacy, security and breach notification rules will arrive in 2011 and be issued together, Greene said, to minimize staggered compliance dates and changes to notices of privacy practices. The rules need to be revised to reflect the more widespread use of electronic data and electronic health records, Greene said. He told a packed room at HIMSS11 that financial penalties for single privacy and security violations will be increased to $50,000 per violation, with a maximum penalty per year of $1.5 million per provision of the rules. He noted that these penalties could be enormous considering that many breach incidents are found to contain multiple violations.

Subcontractors/outsourced resources will also be held accountable under these rules, so no matter what size business or level of involvement, it is essential that organizations lock down their data proactively. If these types of rules aren't a wake-up call, I don't know what is!