As we mentioned in last week’s Webinar on the HIPAA Final Omnibus Rule, there are less than nine short months for covered entities and their business associates (and all downstream business associates) to comply with the HIPAA final rules. For those entities that have already taken steps following the release of the HITECH interim rules, the… Continue Reading
Tag Archives: Enforcement
HIPAA Final Rule Clarifies Business Associate Obligations
Posted in RulemakingBusiness Associates: You’re on notice. When the Health Information Technology for Economic and Clinical Health Act (“HITECH”) was enacted nearly four years ago, business associates were aware that HIPAA compliance was going to be required of them – they were just not sure of the extent. Historically, business associates have been required to comply with… Continue Reading
OCR RELEASES STATE ATTORNEYS GENERAL HIPAA TRAINING MATERIALS
Posted in EnforcementWith the enactment of HITECH in 2009, State Attorneys General became a player in the HIPAA enforcement game. Section 13410(e) of HITECH permits State Attorneys General to obtain damages on behalf of state residents or to enjoin further violations of the HIPAA Privacy and Security Rules. In 2011, the Office for Civil Rights (OCR) developed… Continue Reading
HIPAA Criminal Liability May Be Significant
Posted in EnforcementA recent decision serves as a reminder that violations of HIPAA may trigger criminal liability. The Ninth Circuit Court of Appeals held that a former hospital employee is subject to HIPAA’s criminal penalties for the unauthorized access to patient records after he was terminated. The former employee was sentenced to four months in prison, followed… Continue Reading
HIPAA Enforcement Targets Small Physician Practice
Posted in EnforcementA 5-physician practice in Phoenix was the target of HHS Office of Civil Right’s (“OCR”) most recent enforcement action. The practice agreed to pay HHS a resolution amount of $100,000, as well as enter into a Corrective Action Plan, for its fialure to comply the most fundamental of HIPAA requirements. As I discussed at the… Continue Reading
HIPAA Business Associate Becomes Target of State AG Enforcement
Posted in Business Associate, EnforcementA recent complaint filed by the Minnesota State Attorney General against a HIPAA business associate seeks to recover statutory damages for multiple alleged violations of the HIPAA Security Rule. Following last year’s HHS OCR enforcement targeting HIPAA covered entities, this latest HIPAA enforcement should place all business associates on notice that enforcement authorities have them… Continue Reading
Proposed 2013 Budget Will Decrease Funding for OCR HIPAA Enforcement
Posted in EnforcementThe President’s fiscal year 2013 budget proposes to decrease funding for the Department of Health and Human Services Office of Civil Rights (“OCR”) by $2 million. The estimated budget allocates $39 million to the agency charged with HIPAA enforcement, down from an estimated $41 million in fiscal 2012. In light of OCR’s enhanced enforcement capabilities… Continue Reading
FINAL HITECH RULES IMMINENT: ARE YOU READY?
Posted in RulemakingThe Office of Civil Rights has set a March 2012 target date for release of the long-awaited final HITECH rules. These rules amend HIPAA’s privacy and security regulations, and put real teeth into the government’s HIPAA enforcement efforts as they relate to non-compliance by health care providers (as well as other covered entities) and their… Continue Reading