Fourth HIPAA Settlement in a Year Highlights Increasing Enforcement Trend


On July 6, 2011, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an $865,500 settlement with UCLA Health System, its sixth Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule settlement, and the fourth within a year. This news has only further raised the question that has been stirring since the Mass General and Cignet cases: Has OCR reached a new level of enforcement?

At this time, the chance of an investigation leading to a formal settlement or civil money penalty (CMP) remains remote, but those odds are increasing, especially for large organizations that have experienced a headline-grabbing privacy incident. We will have a better understanding of the new face of enforcement as the proactive audits required by the HITECH Act begin occurring and as we reach the two-year anniversary of the HIPAA breach notification obligations. In the meantime, the recent settlements represent good case studies of privacy events that raise the potential of formal HIPAA settlements and provide covered entities with the opportunity to reassess their compliance programs.

The recent string of settlements highlight that privacy incidents, especially ones that capture the public’s attention, are not without Federal repercussions. Covered entities should pay particular attention to threats and vulnerabilities that could lead to very public incidents, such as information about persons of general interest or large caches of health information that could give rise to a large breach. In the end, a robust and effective compliance program—creating a culture of compliance—is the best means of avoiding breaches in the first place and, as a result, staying out of both the media’s and OCR’s crosshairs.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.