HIPAA & HITECH Stronger Enforcement Environment
"Secondary Enforcement" & Civil Litigation Create New Worries for CEs & BAs
Reducing the risks of non-compliance with new rules enacted under the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was part of the American Recovery and Reinvestment Act of 2009 (ARRA), means that every Covered Entity (CE) and Business Associate (BA) should take a hard look at their current levels of compliance with HIPAA on an enterprise-wide basis.
In the past, when questions arose about the right of an individual to sue using HIPAA, the quick answer was usually, "No - a person can't sue using HIPAA." While that answer has been widely accepted and spread on the internet for years, the enforcement arena has changed.
So, why should anyone worry about litigation and individual lawsuits now if your organization is either a Covered Entity (CE) or a Business Associate (BA)? There's a simple answer . . . the HITECH Act is the new HIPAA "sheriff" in town and HITECH has changed the face of enforcement with serious penalties for non-compliance.
Of more than passing interest is the fact that HITECH allows "Class Action" lawsuits as a method of enforcing HIPAA. The excerpts in this newsletter from recent health sector publications by the AMA and Health Data Management point out some of the pitfalls waiting for those who take compliance lightly.
The Attorney General of the State of Connecticut has just initiated the first class action lawsuit related to the new regulations. While the purpose of this HIPAA Alert is not to reiterate what can be found on the Internet concerning the first HIPAA class action lawsuit, the articles provide a basis for some practical tips on what it can mean to your organization.
A recent amednews.com headline gives the bad news for non-compliance . . .
"Connecticut sues Health Net over data security breach."
The article gives the following details . . . "The insurer becomes the first plan sued under a new law allowing attorneys general to enforce HIPAA privacy laws..."
In addition, Connecticut Attorney General Blumenthal warned . . . "Sadly, this lawsuit is historic -- involving an unparalleled health care privacy breach and an unprecedented state enforcement of HIPAA."
Another article on the Health Data Management website also described the lawsuit in the following manner . . . "Blumenthal is seeking a court order blocking Health Net from further HIPAA violations and requiring encryption of all protected health information on portable electronic devices. He also seeks civil fines."
So, from a practical standpoint, what does this really mean for other CEs or BAs and how does this impact your organization? The following tips explain how you can avoid some of the risks associated with the trend towards stronger enforcement.
Practical TIP #1: No matter how many times you have heard the phrase - "HIPAA will never be enforced," or, a personal favorite, "You have a better chance of getting struck by lightning than being audited under HIPAA," . . . Audits and Enforcement are here to stay. That means it's a good time to take a serious look at your full compliance process in both privacy and security and consider an audit or assessment to identify areas that need improvement. Using software tools such as the HIPAA ComplyPAK© to assist with managing the compliance process can also be a positive step towards achieving compliance.
Practical TIP #2: Accurately track all portable devices in your organization in accordance with all appropriate Privacy Regulations. That's right, if you're going to make the effort to track your portable devices, then follow all Privacy Rule regulations relating to this activity. If you have any questions about what this means, you can contact HIPAA Solutions for a more thorough discussion.
Practical TIP #3: Make sure that you are complying with all parts of the "old" HIPAA regulations, including both privacy and security . . . AND comply with all parts of the HITECH Act. That means you should make a real effort to ensure that your compliance process is up to date with all changes in the law. Please note, the HITECH Act adds a lot of new compliance issues, including the need for conducting Risk Assessments in the event of a breach of unsecured PHI.
If you need to discuss how an audit of compliance status or using compliance software tools can assist you in achieving and maintaining compliance, contact HIPAA Solutions, LC.