There’s a health privacy and security brewing that doesn’t appear to have much to do with home care, but there
are some big reasons HHAs should take careful notice. Connecticut Attorney General is the first state prosecutor to harness the HITECH Act’s new enforcement provisions for HIPAA violations. The AG’s office is suing Health Net for a security breach involving 446,000 Connecticut enrollees.
The AG says the plan failed to promptly notify patients about the PHI breach. At root of the problem is a portable disk drive containing unencrypted data was stolen from Health Net’s corporate office. That too should make home care providers take careful notice. Securing portable electronic devices should be a big priority if you’re one of the increasing number of HHAs using point-of-service, devices, smart phones and handheld devices. Health Net’s next big mistake, according to the Attorney General? The plan failed to notify affected enrollees about the breach until 6 months after the disk drive was stolen. Civil penalties could top out at $22.3 billion, if the AG goes for the $50,000 fine per record limit. Health Net is admitting no wrong.
“This is likely the beginning of a new trend of state level HIPAA enforcement,” writes health law blogger Robert Markette, also a frequent speaker on home care topics. State prosecutors will likely start with the big fish first, like health plans, Markette predicts. But as they become more accustomed to using HITECH to enforce HIPAA, they’ll move on to smaller providers. “You want to be sure you are in compliance now, before enforcement really swings into high gear,” he says in his blog. Source: Home Care & Hospice News