Covered entities and business associates should be aware of tools being used by the federal Office for Civil Rights and State Attorneys General to deter and catch HIPAA privacy and security breaches that may be similar to the red light cameras designed to deter and catch traffic violations.
As reported by Ben Keller at DataGuidance.com, Indiana Attorney General Greg Zoeller announced, on July 5, 2011, that health insurer WellPoint Inc. has agreed to pay $100,000 for a data breach that occurred between October 2009 and March 2010.
Last week for the first time, the Office for Civil Rights of HHS reported exacting heavy financial obligations from (i) Cignet Health on February 22, 2011, with a $4.3 million civil monetary penalty assessment for violations of the HIPAA Privacy Rule, and (ii) Massachusetts General Hospital on February 24, 2011, for a settlement that includes a payment to the U.S. government of $1,000,000 for potential violations of HIPAA.
On January 18, 2011, the office of Attorney General William Sorrell of Vermont announced in a press release that it had settled a lawsuit against Health Net, Inc., involving an alleged PHI security breach, by means of a consent decree which requires court approval.
Attorneys General can seek penalties under state privacy statutes and HIPAA/HITECH for PHI security breaches
The requirements under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH” and collectively with HIPAA, “HIPAA/HITECH”) statutes and regulations for public disclosure of security breaches of Protected Health Information (“PHI”) have continuously been bringing to light…