The HIPAA Security Rule sets the standards for the security of electronic personal health information. The Security Rule specifies a series of administrative, technical, and physical security procedures for entities to use to assure the confidentiality of electronic protected health information, and it includes standards for reuse, accountability, storage, and end-of-life data destruction.
The Health Information Technology for Economic and Clinical Health Act (HITECH Act or “The Act”) is part of the American Recovery and Reinvestment Act of 2009. Under the HITECH Act, business associates of health care providers are now directly “on the compliance hook,” meaning entities such as service providers and other associates processing or handling health information are required to comply with the safeguards contained in the Security Rule (SR).
Penalties can extend up to $250,000, with repeat/uncorrected violations extending up to $1.5 million.