New HIPAA rules get tough on security breaches

The economic stimulus legislation prescribes bonuses for doctors who acquire electronic health records, but it also includes tough new Health Insurance Portability and Accountability Act regulations that require practices to alert patients of information security breaches.

The additional rules obligate physicians to individually notify patients and the local media if there has been a security breach of "protected health information," such as theft of a laptop or computer hard drive containing patient information.

"It's a significant expansion of HIPAA on both the privacy and security side," says attorney Ed Gaines, with CBIZ Medical Management Professionals.