Stimulus Package Steps Up Health Data Privacy, Security

Health care providers are gearing up to meet the privacy and security provisions of the American recovery and Reinvestment Act. Under the health IT provisions of the federal stimulus package, all entities that handle protected health information must comply with HIPAA privacy regulations. In addition, the stimulus law calls for health care providers to: Notify all affected patients within 60 days of a security breach; Report security breaches to the HHS secretary and prominent media outlets if the incident affects more than 500 individuals; Track all personal health information disclosures; and Upon patient request, provide an account of every disclosure for the previous three years. Experts say health care facilities could face serious penalties if they fail to comply with the new security provisions of the federal stimulus package.