Health Records Firms Face Increasing Privacy Liability

U.S. companies that partner with hospitals and other health providers could face steep fines if they disclose private patient information under a new federal rule proposed Thursday.

Billing companies, customer service contractors and other businesses regularly handle private health records, but currently, they are not liable for information breaches.

The proposed rule would treat these companies the same as doctors, hospitals and insurance companies that already face penalties for disclosing private information, such as a patient’s medical or payment history.

The maximum civil penalties are $50,000 per violation, and $1.5 million a year.

“That means we have much greater ability to keep personal health information safe and secure,” U.S. Health Secretary Kathleen Sebelius said at a news conference.

The Department of Health and Human Services, which issued the rule, also announced it would post summaries of all major breaches online.

“There have been a number of incidents and complaints that we have received over the years that do involve business associates having lost information, or misdirected information, or otherwise mishandled their protected health information,” said Susan McAndrew, deputy director for health information at the HHS Office of Civil Rights.

The move is the latest in a broader effort by the Obama administration to update and streamline the medical records system in the United States.

The changes are authorized under the HITECH act, a measure included in the 2009 stimulus package to encourage doctors and hospitals to adopt electronic health records.

The rule announced Thursday extends the reach of the Health Insurance Portability and Accountability Act, or HIPAA, which protects patient privacy and sets security standards for electronic health records.

The changes would be “the most sweeping improvements to HIPAA practice and security standards since they went into effect in 2003,” Sebelius said.

Earlier this year, the agency sharply increased the maximum penalties. Previously the maximum amount was $100 per violation and $25,000 a year, Sebelius said.

The health agency will take comments on the proposed rule over the next two months.

(Reporting by Jon Lentz; editing by Andre Grenon)

Was this article valuable?

Here are more articles you may enjoy.

Beyond the Claim: How Social Canvassing is Transforming Insurance Fraud Detection

SC High Court Strikes ‘Troubling’ Denial of Comp Claim, Says Can’t Be Based on Stats

CoreLogic Report Probes Evolving Severe Convective Storm Risk Landscape

Harvard Study Again Stirs the Pot on Demotech Ratings of Florida Carriers

Email This

Latest Comments

July 13, 2010 at 5:00 am

Nobody says:

Insurance carriers are never held accountable for anything they have regulators on their payroll! They may get slapped with a fine but Insurance can do anything they want to a... read more
July 13, 2010 at 8:00 am

Mike says:

Exactly when are insurance carriers to be held to the same standard?...Wellpoint just lost health and personal information on almost 500,000.00 members (see article below)...H... read more
July 12, 2010 at 6:33 am

Nobody says:

I can't believe that Dr's were forced to put all medical information on computer. Who was the stupid putz that enacted this law? I CAN TELL YOU ONE THING IF MY MEDICAL INFORMA... read more

Want to stay up to date?