Header graphic for print
HealtHITech Law HIPAA, HITECH and Beyond


Posted in Enforcement

With the enactment of HITECH in 2009, State Attorneys General became a player in the HIPAA enforcement game.  Section 13410(e) of HITECH  permits State Attorneys General to obtain damages on behalf of state residents or to enjoin further violations of the HIPAA Privacy and Security Rules.

In 2011, the Office for Civil Rights (OCR) developed HIPAA training materials to help State Attorneys General to use their new authority to enforce HIPAA compliance.  OCR has now made these training materials, which include videos and slides from the 2011 state AG training sessions, available on its website.

Topics include:

  • General introduction to the HIPAA Privacy and Security Rules
  • Analysis of the impact of the HITECH Act on the HIPAA Privacy and Security Rules
  • Investigative techniques for identifying and prosecuting potential violations
  • A review of HIPAA and state law
  • OCR’s role in enforcing the HIPAA Privacy and Security Rules
  • State Attorneys General roles and responsibilities under HIPAA and the HITECH Act
  • Resources for State Attorneys General in pursuing alleged HIPAA violations
  • HIPAA enforcement support and results

Although these materials were created to train State Attorneys General on HIPAA, these materials provide covered entities and business associates unique guidance and insight into OCR’s approach to HIPAA enforcement.  In other words, covered entities and business associates should carefully review, analyze and incorporate these materials in their ongoing efforts to achieve HIPAA compliance.