Privacy law scholar Daniel Solove writes:
The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2001), the 5th Circuit struck down a fine and enforcement action by HHS as arbitrary and capricious. This case has significant implications for HHS enforcement — and for agency enforcement more generally.
My reactions to the case are mixed. The court makes a number of good points, and it identifies flaws with HHS’s interpretation of HIPAA and with its enforcement approach. But there are parts of the opinion that overreach and that are unrealistic.
Read his analysis of, and commentary on the opinion on TeachPrivacy.com.