More Financial Exposure for a HIPAA Breach: State Attorneys General Sue for Damages
March 8, 2012
The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities and business associates to safeguard the privacy and security of Protected Health Information (PHI) and imposes civil and criminal penalties on both for failure to do so. The 2009 Health Information Technology for Economic and Clinical Health (HITECH) act that defined what was and wasn't a 'breach" under HIPAA imposed the same obligations on business associates as HIPAA had placed upon covered entities.
HITECH gave state attorneys general (AGs) enforcement power against covered entities and their business associates. In 2011 the Connecticut and Vermont AGs filed actions in federal court against covered entities seeking damages for HIPAA breaches affecting state residents. Now Minnesota's AG has brought such an action against a business associate.
To read the full alert, click the link below.