
Changes in HIPAA Rules Could Award Damages to Victims for Breaches

OCR could raise HIPAA penalties and award damages to victims of data breaches
posted by Rich Delaney, CTO

May 30, 2018

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is planning to issue an advance notice of proposed rulemaking this November that could be a major game changer for HIPAA breach settlements.   

According to the Data Protection Report, the OCR plans to get public input on a policy change that would require HIPAA settlements to be shared directly with the victims of their respective data breaches.

The proposal would amend Section 13410(c)(3) of the HIPAA Hi-Tech Act (HITECH), which addresses the privacy and security concerns of transmitting health information electronically by imposing civil and criminal penalties for HIPAA violations. The amendment would create a process requiring a percentage of any penalty or settlement paid for a HIPAA violation that caused harm to others to be distributed among the victims of the breach.

The Data Protection Report looks at some of the biggest obstacles the OCR will encounter with the proposed policy change.

At this time, the OCR hasn't determined how it could generate the appropriate compensation for those harmed by a breach. Determining actual damages is currently a very difficult task in most cases, because damages from an information breach are very hard to prove.

The proposed change could also lead to higher breach settlements to appropriately compensate victims.