It has been proposed that third-party systems that had been exempt from HIPAA, such as billing companies, customer service contractors and others who receive patient information, should be held accountable to the same degree as hospitals and healthcare providers. Violation of privacy rules would subject them to fines.
This is not just a slap on the wrist. HHS increased the maximum penalty for violations to $50,000 per violation and $1.5 million per year.
This proposal would strengthen the Office for Civil Rights' regulatory power over HIPAA's privacy and make personal data more accessible to people.
According to David Blumenthal, the National Coordinator of Health IT, “This rulemaking will strengthen the privacy and security of health information, and is an integral piece of the administration’s efforts to broaden the use of health information technology in healthcare today”.
Additionally, the new proposal restricts personal information disclosures to health plans.
Changes to current security practices would encourage more people to submit their information to personal health records and pave the way to improved or greater usage of information on electronic health systems as we move forward in the digital realm of medical practice.