The purpose of this note is to outline the changes introduced by the American Recovery and Reinvestment Act of 2009 (ARRA) and the resulting implications for CIOs in the healthcare industry. The bill increases penalties for privacy breaches and creates restrictions on how enterprises may share protected patient health information.
HIPAA's Past: Implications for a Healthcare IT CIO
In the past, many CIOs in healthcare have simply chosen not to bear the expense of implementing the requirements of the Health Insurance Portability and Accountability Act (HIPAA). The two most commonly reported reasons for not investing in HIPAA compliance have been "no public relations or brand problems anticipated with non-compliance" and "no anticipated legal consequences for non-compliance."