US Senators Mark Pryor (D-AR) and Jay Rockefeller (D-WV) have moved to pass legislation that would ensure the “robust” protection of sensitive healthcare data.
The bill – dubbed the “Data Security and Breach Notification Act of 2010” – would require healthcare entities and their business associates to comply with the Health Information Technology for Economic and Clinical Health (HITECH) Act or any other federal law with equal stringencies.
As such, Dom Nicastro of HealthLeaders Media recommended that healthcare entities monitor the bill’s progress due to new privacy and security laws in HITECH that call for greater patient rights to protected health information (PHI) and increased penalties for breaches of unsecured PHI.
He also noted that the bill extended civil action power to state attorneys generals, in a method similar to HITECH.
In addition, the bill includes a maximum penalty of $11,000 per day for every 24 hours an entity is found not to be in compliance and caps a single violation at:
- $5 million for each violation of the security and compliance requirements.
- $5 million for all violations of the breach notification requirements.
The bill is currently pending in the Committee on Commerce, Science and Technology.