As you may recall, the Health Information Technology for Clinical and Economic Health (HITECH) Act gives state Attorneys General the authority to bring civil actions on behalf of state residents for violations of the HIPAA Privacy and Security Rules. Some states, like Massachusetts, have already started to use this authority to bring and settle cases.
To advance state enforcement, HHS OCR has developed HIPAA Enforcement Training modules, designed to help State Attorneys General and their staff understand and use their new authority to enforce the HIPAA Privacy and Security Rules.
The very same training materials being used by your state AG are publicly available, including videos and slides from in-person training sessions that OCR conducted in 2011, as well as computer-based training modules that can be downloaded and saved to your own computer. Although developed for state AGs, the training materials provide a great deal of information about the content and enforcement of the HIPAA Rules that may be of interest to you and your employees.
Topics covered in these materials include:
* General introduction to the HIPAA Privacy and Security Rules
* Analysis of the impact of the HITECH Act on the HIPAA Privacy and Security Rules
* Investigative techniques for identifying and prosecuting potential violations
* A review of HIPAA and State Law
* OCR’s role in enforcing the HIPAA Privacy and Security Rules
* State AG roles and responsibilities under HIPAA and the HITECH Act
* Resources for State AGs in pursuing alleged HIPAA violations
* HIPAA Enforcement Support and Results