They’re here, they’re severe: The new HIPAA team

by on

One of the little-known aspects of the HITECH Act — known better for its EMR subsidies  – is language allowing state Attorneys General to participate in HIPAA enforcement.

That might not sound like a big deal, but it is, health attorneys assure HEALTHCAREiX. If nothing else, it puts 50  powerful state officials on health providers’ tail — not just bureaucrats, gentle readers, but folks who win political points for slamming alleged wrongdoers.  The feds, meanwhile, have done virtually nothing with HIPAA since its inception.

Here’s some ideas on how to cope from David Harlow, a healthcare attorney who’s studied the matter:

“Get into full compliance — and stay there — so that you don’t become a test case (or an opportunity for a state AG to get some press for being tough on HIPAA scofflaws).  Not only do you need to adopt the policies and procedures called for under the Son of HIPAA rules — encryption, breach notification, beefed-up business associate agreements, and monitoring of business associates’ policies and procedures — you need to be sure that the policies and procedures are tailored to your business processes, that your personnel are fully-trained on the content and the importance of these policies and procedures, and that they are actually being followed in real life.”

The pursuit of HIPAA scofflaws has already begun. In January of this year, Connecticut AG Richard Blumenthal filed the first HIPAA complaint filed by a state Attorney General. Blumenthal lashed out at health insurer Health Net for losing data on about 250,000 members — then failing to notify consumers for six months.

Seems to me that it’s time to wave the white flag. Rather than glossing over any possible data loss, go straight to the state AG where you’re based and beg for clemency.  Cases like the one in Connecticut, where Health Net let things go for months, seem to trigger the biggest outrage.   While we’ve always had to worry about HIPAA, we’re entering an era where we’d really better be transparent and play nicely with Mr. or Ms. AG.

VN:F [1.9.7_1111]
Rating: 0.0/10 (0 votes cast)
VN:R_U [1.9.7_1111]
Rating: 0 (from 0 votes)

Leave a Comment

Previous post:

Next post: