
HIPAA Solutions, LC

Comprehensive Resources for HIPAA Compliance

 

February 1, 2010 - HIPAA Alert

HIPAA & HITECH Stronger Enforcement Environment  

"Secondary Enforcement" & Civil Litigation Create New Worries for CEs & BAs   

Reducing the risks of non-compliance with new rules enacted under the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was part of the American Recovery and Reinvestment Act of 2009 (ARRA), means that every Covered Entity (CE) and Business Associate (BA) should take a hard look at their current levels of compliance with HIPAA on an enterprise-wide basis.

 

In the past, when questions arose about the right of an individual to sue using HIPAA, the quick answer was usually, "No - a person can't sue using HIPAA." While that answer has been widely accepted and spread on the internet for years, the enforcement arena has changed.

 

So, why should anyone worry about litigation and individual lawsuits now if your organization is either a Covered Entity (CE) or a Business Associate (BA)? There's a simple answer . . . the HITECH Act is the new HIPAA "sheriff" in town and HITECH has changed the face of enforcement with serious penalties for non-compliance. 

 

Of more than passing interest is the fact that HITECH allows "Class Action" lawsuits as a method of enforcing HIPAA.  The excerpts in this newsletter from recent health sector publications by the AMA and Health Data Management point out some of the pitfalls waiting for those who take compliance lightly. 

 

The Attorney General of the State of Connecticut has just initiated the first class action lawsuit related to the new regulations. While the purpose of this HIPAA Alert is not to reiterate what can be found on the Internet concerning the first HIPAA class action lawsuit, the articles provide a basis for some practical tips on what it can mean to your organization.

 

A recent amednews.com headline gives the bad news for non-compliance . . .   

 

"Connecticut sues Health Net over data security breach."  
 
The article gives the following details . . .  "The insurer becomes the first plan sued under a new law allowing attorneys general to enforce HIPAA privacy laws..."

 

 

If you need to discuss how an audit of compliance status or using compliance software tools can assist you in achieving and maintaining compliance, contact HIPAA Solutions, LC.   

 

________________

amednews.com

Laws bolster penalties for privacy breaches in California

In the wake of multiple high-profile cases of snooping, the state cracks down on unauthorized looks at medical files.

By Pamela Lewis Dolan, AMNews staff. Dec. 1, 2008.

Eyes will be on California starting next year, but they won't be peeking into medical records.

At least that's Gov. Arnold Schwarzenegger's hope; in September he signed into law two bills that put some teeth into patient privacy rules and give doctors good reason to comply.

Under the new laws taking effect Jan. 1, 2009, the state has significantly increased fines not only for the illegal use of medical records but also for unauthorized access of records. The laws also open the door for patients to sue doctors when their records are accessed, even if there is no damage. . . . (Full Article)

________________

U.S. Department of Health and Human Services (HHS)

February 17, 2009

CVS Pays $2.25 Million and Toughens Practices to Settle HIPAA Privacy Case

The U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) today announced that CVS, the nation’s largest retail pharmacy chain, will pay the U.S. government a $2.25 million settlement and take corrective action to ensure it does not violate the privacy of its millions of patients when disposing of patient information such as identifying information on pill bottle labels. (Full Article)

________________

American Health Information Management Association

- Journal of AHIMA - http://journal.ahima.org - February 6, 2009

VA to Pay $20 Million in Data Breach Case

Posted by Kevin Heubusch on February 6, 2009 @ 7:31 am in Compliance, Privacy and security

Last week the Department of Veterans Affairs announced it would pay $20 million to settle a class action lawsuit resulting from a stolen laptop. The case resonated with a data breach story Journal writer Chris Dimick had just written for the current print issue, and he circled back with two law experts featured in the story to get their comments. . . . (Full Article)

________________

COMPUTERWORLD

February 4, 2009

Obama health care plan said to boost security, privacy controls

Privacy advocates say $20B e-health proposal overcomes some HIPAA concerns
Jaikumar Vijayan

February 4, 2009 (Computerworld) The electronic health records plan in President Barack Obama's $825 billion economic stimulus bill aims to boost security and privacy controls beyond those now required under the Health Insurance Portability and Accountability Act (HIPAA). . . . (Full Article)

________________

HIPAA ENFORCEMENT

©HIPAA Solutions, LC 2010