So while the govt wants to decrease healthcare by trying to jumpstart EMR & EHR records, as IT should decrease a lot of the paperwork, they’ve inserted new penalties in the ARRA/Section 13410 whereby any disclosure of these EMR / EHR records will now have penalties from $500 to $50,000 per occurrence and open the way for civil penalties (the above penalties are levied by govt).
See here and search for “Tiered Increase in Amount”
The funniest part of this is the lowest penalty is if the person had no knowledge they were stolen, so if you’re hacked and records show up, it’s almost a free pass. (my layman’s interpretation)
If however you leave a laptop with data on it, you could face the maximum.
So I’m left wondering how willing institutions will be to go to EMR/EHR records if they’re now going to have to buy insurance to cover fines if any of this data is breached.
On one hand, I’m all for some sort of penalty, as the various breaches over the past few years, while they received press, didn’t really amount to any real penalty (AFAIK). OTOH, opening it up for litigation through civil penalties will just make this more expensive.
I think this could have easily been solved by not focusing on data breach, but by focusing on why people are concerned about data breaches:
- loss of employment / employment opportunities if employer knows of a condition
- loss of insurance b/c of pre-existing condition
If they were to write a new provision / law that said employers and insurers can’t deny employment/insurance because of known conditions, it would have made this a lot easier.