allowing individuals to sue to enforce HIPAA), aggrieved patients and their counsel have been finding other ways to file claims for HIPAA violations and use HIPAA violations as the basis for seeking monetary damages. While there is no hint at this time that Congress is contemplating including a private right of action in HIPAA (i.e.
Moreover, OCR investigations of complaints have often resulted in compliance agreements and consent orders, rather than court actions or civil damages, both of which would require the covered entity or business associate to expend considerable sums on attorney fees, court costs and payment of damages. Since HIPAA was enacted, the lack of a private right of action has provided solace to covered entities and business associates, particularly since complaints tend to be few in number. With respect to OCR, notification of the right to file a complaint and the process for doing so is generally set forth in a covered entity’s Notice of Privacy Practices. In addition, in some states, individuals have been able to file complaints regarding generalized privacy concerns with various state regulatory agencies, such as a state health or consumer protection department. The sole remedy of an aggrieved individual is to file a complaint with the United States Department of Health and Human Services Office for Civil Rights (“OCR”) or, more recently, with a state Attorney General. For example, a patient is not able to sue a dentist if the dentist fails to distribute a Notice of Privacy Practices or enter into a business associate agreement. As some of you may know, HIPAA does not include a “private right of action.” This means that an individual may not file a claim against a covered entity or a business associate in order to enforce HIPAA or seek damages in response to a HIPAA violation. While the answer has traditionally been “no,” the legal landscape is shifting and the risk of being sued continues to increase. Kevin on Can I Be Sued for a HIPAA Violation?.steve cykes on The Reality of HIPAA Violations and Enforcement.Carl Russell on Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices.Jennifer Bray on New HIPAA Standard Transaction Rules Released.V on Can I Be Sued for a HIPAA Violation? Gmail, Google Apps for Business HIPAA Business Associate Agreements.Business Associate Agreements – a First Look at Indemnification.Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices.
0 kommentar(er)
