01-April-2010

When it comes to HIPAA privacy and security, many eyes are on Connecticut where the state attorney general in January filed the first lawsuit using powers granted under HITECH, the Briefings on HIPPA reported in its story, "Connecticut AG Files First Lawsuit Under HITECH Authority."

So what will the state AGs look for when it comes to other lawsuits, the story asked. Consumer protection has been and will continue to be a significant focus of state AGs' interest, according to Richard M. Campanelli of B&D Consulting. In the context of HIPAA, data breaches are a natural place for them to focus, Campanelli said in the story.

The No. 1 rule is to catch a problem before it becomes a breach, the Briefings on HIPPA reported. Set up an identity theft protection program as is called for in the Red Flags Rule.

HIPAA and HITECH require organizations to have policies in place to protect against breaches, but that is not enough, said Campanelli, who was director of OCR from 2002 to 2005 and led the federal government's HIPAA compliance program. Organizations must implement those policies, and doing so requires employee training and ongoing vigilance, he told the Briefings on HIPPA.