A lot has been written about HITECH and its impact on the security efforts at healthcare organizations. The changes with regard to security can be summed up in a few statements:
- Breach Notification means organizations have to tell the world when they have a breach (self-reporting on weak security controls?).
- Criminal and Civil Penalties are more likely (enhanced enforcement) and have been increased significantly.
- Business Associates and their employees must now comply with HIPAA.
It is always better to PREVENT a breach than to REPORT a breach.