The word "breach" in the health care industry, and for those business associates of covered entities, certainly causes alarm when not only have you had your patient's privacy violated, but also now you have to prepare for the financial cost to remedy the breach and think about the possible criminal and civil penalties that you or your organization may have to face.
In addition, because the HITECH Act for the first time now authorizes a federal lawsuit for a HIPAA violation, an aggrieved individual may ask the attorney general of the state in which the violation occurred to sue on his behalf in federal court and recover damages, attorney's fees, and costs. As of the end of August 2011, the Connecticut Attorney General ("AG") had filed two such lawsuits and the Indiana AG had filed one.
In the first one filed, the Connecticut AG obtained a $250,000 settlement from the hospital defendant. Thus, a covered entity now faces the possibility of HIPAA lawsuits in both state and federal courts. Further, with the HITECH Act's expansion of HIPAA civil and criminal liability to business associates, the latter may also be sued in federal court. The Minnesota Attorney General has filed such a lawsuit against a business associate. Isn't it better to know the proper way to handle a breach according to the law?
Learn the difference between security incident reports and reportable breaches and how to handle each properly during this 90-minute seminar. Find out what resources are available to you to help avoid breaches of confidentiality and how your organization can be better prepared for HIPAA compliance regulations
Areas Covered in the Session: