CT Breach Notification Case Proves HITECH's Worth

Editor's note: Senior editor Dom Nicastro covers the government health information data regulations for HealthLeaders Media and its parent company, HCPro, Inc. In a guest column this week, he writes about how the HITECH act is impacting state-level HIPAA compliance.

HITECH brings to light how much of a better job the healthcare industry must do to protect the privacy of its patients. Take one look at the Office for Civil Rights (OCR) breach notification website—you'll find 166 reasons why this is true.

That website is great to have: It is a public list where healthcare organizations can share lessons learned, analyze numbers and trends, and get a good look at which facilities are making big mistakes, some of which affect millions of patients.

But what's the real take-home when Congress writes a law like HITECH? A law that revamps the HIPAA privacy rules, calls for increased penalties and public scrutiny for violations, and extends the legal power of state attorneys to pursue cases for violators?

Is the goal to instill fear of non-compliance? Is it nabbing a posterchild such as Rite Aid, which paid $1 million to settle potential HIPAA violations? Is it keeping entities on their toes for the HITECH-required periodic audits?