Proposed: Bigger Health Data Loss Penalty

U.S. Health & Human Services Secretary Kathleen Sebelius has announced that her agency is proposing to boost potential penalties for hospitals, insurers and other businesses that allow security breaches of medical records.

The Hartford Courant reported the proposed penalty increase, which broadens the provisions of the Health Insurance Portability and Accountability Act of 1996, known by its acronym, HIPAA. The altered regulations would apply to a wider group of people who have access to a person's medical information, such as business associates of hospitals, doctors and insurers. The new fines would be a maximum of $50,000 per violation, totaling up to $1.5 million per year.

Deliberate privacy rules breaches could cost violators as much as $1.5 million. The move follows a legal settlement between the office of Connecticut Attorney General Richard Blumenthal and insurer Health Net, which agreed to pay a fine over a lost disk drive containing names, addresses, Social Security numbers and medical information for 500,000 Connecticut residents and 1.5 million patients nationwide, NBC Connecticut.com reported.

The company concealed the loss of the disk for months, and eventually said it mostly likely had been stolen.