The Health Insurance Portability and Accountability Act of 1996 defines required policies, procedures and guidelines for maintaining the privacy and security of individually identifiable health information as well as outlining numerous offenses and criminal penalties for violations. The HITECH provisions of the Economic Stimulus Act of 2009 significantly expanded the scope of HIPAA requirements including additional patient rights, heightened enforcements and increased penalties. Enforcement actions and penalties have been becoming more common and are occurring regardless of the size of the covered entity.

Solution features that address this area of law: