Civil Penalties for HiTech Violations

Civil Penalties for HiTech Violations

On October 30, 2009,  interim final regulations were issued by HHS’ Office for Civil Rights relating to civil monetary penalties, arising from violations of the HiTech law (Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009).  These rules amend the four tiers of civil penalties that can be imposed upon covered entities, as defined by the HIPAA Administrative Simplification laws, to provide for penalties in the event of any HITECH violations relating to breach of medical information (seeBreach Notification Rules Issued).  Below is the revised table of potential penalties:

Table 1—Categories of Violations and Respective Penalty Amounts Available

Violation category

Each violation

All such violations of an identical provision in a calendar year

Did Not Know

$100–$50,000

$1.5M

Reasonable Cause

1,000–50,000

$1.5M

Willful Neglect—Corrected

10,000–50,000

$1.5M

Willful Neglect—Not Corrected

50,000

$1.5M

These regulations take effect November 30, 2009.

 

The information contained in this Benefit Beat is not intended to be legal, accounting, or other professional advice, nor are these comments directed to specific situations.

As required by U.S. Treasury rules, we inform you that, unless expressly stated otherwise, any U.S. federal tax advice contained in this Benefit Beat is not intended or written to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed by the Internal Revenue Service

 

Civil Penalties for HiTech ViolationsOn October 30, 2009,  interim final regulations were issued by HHS’ Office for Civil Rights relating to civil monetary penalties, arising from violations of the HiTech law (Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009).  These rules amend the four tiers of civil penalties that can be imposed upon covered entities, as defined by the HIPAA Administrative Simplification laws, to provide for penalties in the event of any HITECH violations relating to breach of medical information (seeBreach Notification Rules Issued).  Below is the revised table of potential penalties:...2009-11-05T17:00:00-05:00

On October 30, 2009,  interim final regulations were issued by HHS’ Office for Civil Rights relating to civil monetary penalties, arising from violations of the HiTech law (Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009).  These rules amend the four tiers of civil penalties that can be imposed upon covered entities, as defined by the HIPAA Administrative Simplification laws, to provide for penalties in the event of any HITECH violations relating to breach of medical information (seeBreach Notification Rules Issued).  Below is the revised table of potential penalties: