The American Recovery and Reinvestment Act includes changes to HIPAA, including:
- Much higher civil penalties for violations.
- Covered entities must disclose security breaches when client data is exposed.
- Business associates will be subject to the same civil and criminal penalties as covered entities.
The changes are not effective until February 2010.
David Mortman of Searchsecurity.com provides an overview of the changes here.
For a more comprehensive list of changes, see Thompson Hine (PDF).
Is PCI still relevant? Some are proclaiming that PCI is irrelevant due to the recent, high-profile breaches. David Mortman disagrees, and I’m on his side.