Jul
06
First AG’s office to score a HIPAA settlement: Connecticut
By
Connecticut Attorney General Richard Blumenthal’s case against insurer Health Net on a data breach leads to a settlement of $250,000 with the state. It’s the first money settlement as a result of the newly-granted power to state AGs to pursue HIPAA-related suits.
Get blog updates in your e-mail
Subscribe to our e-zine
Click here to learn how!
Click here
This is somewhat precedent setting because it is the first AG case filed under the HITECH Act. The damage, though, to Health Net is the adverse publicity and the potential for the filing of civil suits by individuals who believe they have been harmed. Given the size of Health Net there isn’t really any sting from the fine itself – more the publicity and the aftermath.
Now it’s a matter of waiting to see what other states will do. California didn’t wait for HITECH and enacted its own laws that already have had an impact on health care entities in California. Given that, I would not be surprised to see the California AG getting into the act in the near future.
At this point, though the US Department of Health & Human Services has yet to levy any civil penalties against any covered entities (and now business associates) since the HIPAA Privacy Rule was in force April 14, 2003. A fair amount of activity is occurring at HHS and the department is under a lot of pressure to meet the HITECH Act rule writing/enforcement deadlines so the fact that the HICECH Act has not changed any enforcement practices resulting in civil penalties is not necessary surprising. The question, though, is will the HITECH Act really have an impact in increasing HIPAA Privacy and Security Rule compliance? We wait and see…
Chris Apgar