HHS Expanding HIPAA Privacy Enforcement Team

The Department of Health and Human Services ("HHS") enforces the privacy provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). HIPAA applies to health care providers, health plans and healthcare clearinghouses and provides guidelines for disclosure of certain health information. Individuals do not have a private right of action for violations of HIPAA, but complaints may be filed with HHS. The statute gives HHS the authority to impose civil monetary penalties and the U.S. Department of Justice the authority to impose criminal penalties for HIPAA violations. Since the law was implemented we have not seen much enforcement action. However, HHS recently announced that the privacy enforcement team is being expanded which could mean a renewed effort to follow up on individual complaints and increase HIPAA enforcement. Health plan sponsors should review their HIPAA privacy policies and procedures, business associate agreements and notices to plan participants.

 

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.