The passage of the HITECH Act increased penalties for information security negligence pertaining to PHI. The basis for the act requires organizations that handle PHI meet a baseline criteria for protection of data in transit, in use, at rest and when disposed. The HITECH Act is noteworthy because it provides definition around the protection of PHI and puts an emphasis on the encryption of PHI.
The penalties for HIPAA violations and data breaches of PII, PCI and PHI can be devastating to any organization and companies should not spare any expenses with regards to HIPAA compliance training and the securing of networks and data.