Many people who have been in the unfortunate situation where they believe that their protected health information (PHI) has been compromised inappropriately, are often surprised and deeply disappointed to learn that the HIPAA law does not provide a “private right of action.”
Continue Reading Why Can’t I Sue Under HIPAA for a Breach of my Protected Health Information? What Can I Do?

The recent Department of Health and Human Services (“HHS”) resolution with Alaska Department of Health and Social Services, the state Medicaid agency (“Alaska Medicaid”), which includes the payment by Alaska Medicaid to HHS of $1.7 million respecting possible violations of HIPAA, raises questions as to the exacting of payments by HHS from a state agency that funds medical care for the Alaska indigent from taxpayers.
Continue Reading The Breach Parade: OCR’s Reviewing Stand Lashes Out and Takes $1.7 million from Alaska Medicaid – Who is Really Being Penalized?

To avoid becoming marchers in the Breach Parade, covered entities and business associates should be aware of tools being used by the federal Office of Civil Rights and State Attorneys General to deter and catch HIPAA privacy and security breaches that may be similar to the red light cameras designed to deter and catch traffic violations.
Continue Reading Government HIPAA Enforcement Tools – Will These “Red Light Cameras” Deter Marchers From Joining the Breach Parade?

The Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services recently released a “sample” letter that will be used as the template for the actual letters that OCR will issue to those covered entities that are selected for HIPAA audits in 2012.
Continue Reading HHS/OCR Audits Are Almost Here – OCR Issues “Sample” Audit Letter

Those entities subject to both the HIPAA privacy and security rules should pay close attention to recent action taken by the U.S. Department of Health and Human Services Office for Civil Rights, which will increase the frequency and depth of government audits for HIPAA/ITECH compliance over the next year.
Continue Reading HHS/OCR Audits are Coming: What are Covered Entities Doing to Prepare?

On January 18, 2011, the office of Attorney General William Sorrell of Vermont announced in a press release that it had settled a lawsuit against Health Net, Inc., involving an alleged PHI security breach, by means of a consent decree which requires court approval.
Continue Reading The Parade of PHI Security Breaches: Escalating Enforcement Activity by State Attorneys General – Most Recently in Vermont