The New HIPAA Landscape: Enhanced Enforcement, Million-dollar Payments and Data Breach Self-Reporting Requirements Compel Compliance


The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently intensified enforcement under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA imposes numerous restrictions and requirements on healthcare providers, insurance plans, billing companies and business associates to these entities that handle patient-protected health information. Since the HIPAA rules went into effect in 2003, the focus of HIPAA enforcement has been on behavior modification; now, the focus has shifted to more accountability and stiffer sanctions for noncompliance.

In just one week in February 2011, HHS announced a $1 million settlement with General Hospital Corporation and Massachusetts General Physicians Organization Inc. ("Mass General") regarding "potential" HIPAA violations. Two days earlier, HHS announced a $4.3 million civil monetary penalty against Cignet Health, a Maryland insurance company, based on HIPAA violations and the company's failure to cooperate with OCR's investigation. These cases, and HHS's apparent willingness to put them in the spotlight, demonstrate the agency's newfound commitment to investigating, uncovering and imposing penalties for HIPAA violations. In addition, HIPAA's new data breach rule, requiring entities to report unsecured data breaches, is likely to makes it easier for HHS to follow up on HIPAA incidents.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Administrative Agency Updates, Health Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Duane Morris LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »