Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

HIPAA Gets 'Teeth'

By Jennifer Willcox
July 31, 2006

Memories of HIPAA Compliance likely have long faded for many HR and benefits professionals. You distributed your Privacy Notices, trained your staff, conducted a 'risk assessment' of your information systems under the Security Rule, and formally adopted a thick binder of HIPAA Privacy and Security policies. HIPAA, like Y2K, has come and gone, and health plan compliance has turned to bigger and more pressing issues, right?

Not quite. Recent news stories about the theft of millions of veterans' personal data from the Veterans Administration is a timely reminder about the importance of protecting the confidential data an organization maintains regarding beneficiaries of its health plans. In addition, the Final Rule on HIPAA Enforcement became effective on March 16, 2006, setting out comprehensive rules for all aspects of the enforcement process. These rules have more 'teeth' than was expected, and speculate that this enforcement structure will mean more rigorous enforcement, including imposition of civil penalties, by the HIPAA regulators, the Department of Health and Human Services (HHS). The new rules also make clear that avoiding HIPAA complaints about your health plan is not enough to evade HIPAA enforcement action: HHS now can initiate 'compliance reviews' based on any information suggesting noncompliance that comes to its attention, including media reports.

Now is an excellent time to review your health plan's protection of the privacy and security of individually identifiable health information (known as Protected Health Information, or PHI) created or maintained by the plan. Adopting a HIPAA-compliance monitoring plan is a way to catch problems before they become serious, and to demonstrate that your plan is serious about meeting its compliance obligations.

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Removing Restrictive Covenants In New York Image

In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?

Fresh Filings Image

Notable recent court filings in entertainment law.