Yet another layer of regulation has been added to the Health Insurance Portability and Accountability Act (HIPAA) that offers even greater protection for healthcare patients' privacy, while also defining new rights regarding how they can access their health records.
The biggest change is the expansion of HIPAA compliance requirements to include trading partners and third parties who also handle patient data, such as billing companies, contractors, and more. The U.S. Department of Health and Human Services (HHS) reports that these third parties have been responsible for several significant data breaches which is one reason the responsibility for compliance has been extended to this group.
Penalties for violating HIPAA compliance rules will be assessed based on the determined level of negligence, and can go as high as $1.5 million per incident.
Other issues addressed with the latest additions to the HIPAA regulations include more clarity in defining which types of breaches need to be reported, as well as how patients will be allowed to access and interact with their health records electronically.