OCR Rolls Out HIPAA Training Plan for State Attorney Generals By Dom Nicastro, for HealthLeaders Media, March 10, 2011 State attorneys general will be getting a few lessons in HIPAA. The Office for Civil Rights, the enforcer of the HIPAA privacy and security rules, announced this week training sessions for state AGs to help them in their new authority to enforce the HIPAA privacy and security rules. The HITECH Act gave state attorneys general authority to bring civil actions on behalf of state residents for HIPAA violations. It also permits the attorneys to obtain damages on behalf of state residents. Some haven't wasted any time. Last July, Connecticut attorney Richard Blumenthal's office announced a $250,000 settlement with insurer Health Net and its affiliates regarding a breach of personal health information affecting nearly a half million Connecticut enrollees. The settlement was a landmark one because Blumenthal's office was the first to cash in on the HITECH-granted authority. As for the training OCR's sessions will include the following topics:
The training takes places at the following sites and dates:
Jeff Drummond, health law partner in the Dallas office of Jackson Walker, LLP, puts adding state attorneys general to the HIPAA enforcement mix this way: "There are 50 new sheriffs in town." "Most state AGs are elected, and almost all of them do everything they can to get re-elected," says Drummond. "That means they'll be much more susceptible to public or political pressure to pursue HIPAA violations, particularly if there's a 'good story' behind the breach. They want to be seen as protecting the little guy, and they're much more incentivized" than OCR. Additional information about OCR's enforcement activities can be found at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/index.html. For more information about BridgeFront's HIPAA online education and learning services please contact us. Send an email to info@bridgefront.com or call 866-447-2211. About BridgeFront: ### |