dkatana writes "The US Department of Health and Human Services (HHS) is set to publish a new set of HIPAA rules this week, including stringent privacy and security provisions on how to treat patient privacy. CIOs will need to get ready for some fast and sweeping changes.
"Covered entities must ensure that they obtain satisfactory assurances required by the Rules from their business associates, and business associates must do the same with regard to subcontractors, and so on, no matter how far 'down the chain' the information flows."
The fines for violations of the new rule can go as high as $1.5 million per violation."
Link to Original Source