State attorneys general not leaping to embrace HIPAA enforcement

Kimberly Leonard reports:

Only two state attorneys general have pursued the authority Congress gave them two years ago to prosecute privacy and security breaches of health information — despite training from federal agencies and a consensus among privacy groups that enforcement needs to improve.

[…]

Experts blame a variety of factors for the apparent disinterest — the newness of the law, state budget constraints, conflicting priorities, even high rates of HIPAA compliance by health care providers. They also believe state attorneys general may have chosen to prosecute such cases under state privacy and security laws rather than the federal HIPAA law.

Read the full coverage on the Center for Public Integrity’s iwatch

HIPAA Compliance and Breach Communications: Helpful Tips for SMBs
Small-Scale Violations of Medical Privacy Often Cause the Most Harm
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000
HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation
The CoPilot Provider Support Services incident: The HIPAA issue

Related: