The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 was established to protect PHI. In 2013 the Omnibus was created to enforce the Act along with establishing a tiered system for assessing the level and fine for each violation.
* Tier A: For violations in which the offender did not realize he or she violated the Act and would have handled the matter differently if he or she had. This results in a $100 fines for each violation and the total imposed for such violations cannot exceed $25,000 for the calender year.
*Tier B: For violations due to reasonable cause, but not "willful neglect". The result is a $1,000 fine for each violation and fines cannot exceed $100,000 for the calender year.
*Tier C: For violations due to willful neglect that the organization ultimately corrected. The result is a $10,000 fine for each violation and the fine cannot exceed $250,000 for the calender year. Corrections must be made with in 30 days or the fine will be escalated to Tier D.
*Tier D: For violations of willful neglect that the organization has not corrected in the 30 day period. This escalates the fines to $50,000 for each violation and fines cannot exceed $1,500,000 per calender year.
The HITECH ACT also allows the individual states attorney general to levy fines and seek attorneys fees from covered entities on behalf of the victims. Courts now have the ability to award cost, which they were previously unable to do.