HIPAA gets teeth

HITECH provides for financial incentives for implementing Electronic Heath Records (EHR). It also expands the enforcement actions already available under HIPAA. This is evolving and changing as it is implemented.

Here is the Full Text if you must.

Regarding security matters HITECH basically provides that:

• Mandatory penalties for non-compliance (do nothing and you are at risk)
• Periodic audits of covered entities (this could be you)
• Data breach notification (if you are compromised you have 60 days to let them know)
• Business Associates and Agreements (if we provide your security we are liable also and that is why we are so good at this)