
HIPAA Enforcement Rule and Compliance

The HIPAA Enforcement Rule stems directly from the ARRA HITECH Act provisions that distinguish between violations occurring before, and on or after, the compliance date of Feb. 18, 2017 "with respect to the potential amount of civil money penalty and the affirmative defense available to covered entities," according to the rule.

ARRA describes "improvements" to existing HIPAA law. Covered entities, business associates and others will be subject to more rigorous standards when it comes to protected health information (PHI). The HITECH Act expands the scope of the HIPAA Privacy and Security Rules and increases the penalties for HIPAA violations.

Specifically, the HITECH Act addresses five main areas of the HIPAA regulations:

Applies the same HIPAA privacy and security requirements (and penalties) for covered entities to business associates

Establishes mandatory federal privacy and security breach reporting requirements for HIPAA covered entities and business associates

Creates new privacy requirements for HIPAA covered entities and business associates, including new accounting disclosure requirements and restrictions on sales and marketing

Establishes new criminal and civil penalties for HIPAA non-compliance and new enforcement methods

Mandates that the new security requirements must be incorporated into all Business Associate contracts