It appears that the 2019 HIPAA enforcement year is over with a lot less fanfare (and cash) than last year but it did provide important insights into enforcement trends. *Distributed by Law360 on January 22, 2020 and included in its Health Law and Cybersecurity and Privacy Law. newsletters.
Just two weeks into the new year and at least three states already have proposed privacy legislation boasting CCPA and GDPR-like provisions. This flurry of early legislative activity is just a preview of what we are likely to see during state legislative sessions throughout the year.
It appears that the 2019 HIPAA enforcement year is over with a lot less fanfare (and cash) than last year. The total in settlements and penalties for 2019 is $12.2 million, which is substantially less than OCR’s highest ever total of $28.7 million just one year ago.
With less than two days left in 2019, the Department of Health and Human Services’ Office for Civil Rights announced that a small, rural Georgia ambulance provider agreed to pay $65,000 to settle claims of multiple HIPAA Security Rule violations.
Earlier this year, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced a Right of Access Enforcement Initiative, which would focus on ensuring that patients were getting timely access to their records without being overcharged. Prior to this announcement, enforcement actions against providers for denying a patient the proper right of access were rare. Since announcing the initiative, OCR has swiftly pursued claims resulting in two settlements within months of each other.
As part of the budget bill, Connecticut passed a law that more comprehensively addresses data security and is similar to the model law for insurance data security from the National Association of Insurance Commissioners. The law took effect on October 1, 2019.