Health care providers will soon be subject to even more scrutiny from State Attorneys General and State Medicaid Fraud Control Units (MFCUs), as demonstrated by two recent announcements made by the Department of Health and Human Services (HHS). First, the HHS Office of Civil Rights (OCR) announced the dates of its Health Insurance Portability and Accountability Act (HIPAA) enforcement training1 for State Attorneys General and their staff, which is intended to bolster enforcement under the HIPAA Privacy and Security Rules.2 Second, the HHS Office of Inspector General (OIG) released a proposed rule3 that, if promulgated, would allow MFCUs to mine Medicaid claims data to identify aberrant billing schemes for investigation and potential prosecution. These new resources will provide additional support for state enforcement of laws related to health care data privacy and security and health care fraud and abuse. Moreover, these announcements signal the need for health care providers to stay abreast of, and comply with, laws and regulations governing the state and federal health care programs.