Susan McAndrew, OCR
Fresh news from the National HIPAA Summit, held March 9-11 in Washington DC, is that the HHS Office of Civil Rights has scheduled “HIPAA Enforcement Training” for State Attorneys General. Susan McAndrew, OCR’s Deputy Director for Health Information Privacy spoke at the Summit and said that her office would pay all training expenses for 2 members of the AG staff for each state. According to the agenda on the OIG website, the training agenda includes investigative techniques, resources for pursuing alleged violations, and an analysis of the impact of the HITECH Act on the HIPAA Privacy and Security Rules.
In a time of belt-tightening for state and local governments, it is significant to note that the HITECH Act includes a provision for state AGs to collect attorney fees as part of convictions or settlements. Consequently, a funding source for enforcement activities is available.
Since state AGs were granted enforcement authority in February 2008, only one, Connecticut Attorney General Richard Blumenthal has prosecuted a HIPAA case, against Health Net of Connecticut for failure to protect a computer disk drive which contained information on 446,000 of its health plan enrollees.
Mike DeWine, Ohio Attorney General
Based on a review of Ohio Attorney General Mike Dewine’s press releases, his early health care priorities including challenging the constitutionality of the recently enacted federal healthcare law and fighting prescription drug abuse. The HIPAA training for Ohio is scheduled for May 9th -10th. A call to Attorney General Dewine’s office for comment on HIPAA enforcement has not yet been returned.
