As you may recall, the Health Information Technology for
Clinical and Economic Health (HITECH) Act gives state
Attorneys General the authority to bring civil actions on
behalf of state residents for violations of the HIPAA Privacy and
Security Rules. Some states, like Massachusetts, have already
to use this authority to bring and settle cases.
To advance state enforcement, HHS OCR has developed HIPAA
Enforcement Training modules, designed to help State Attorneys
General and their staff understand and use their new authority to
enforce the HIPAA Privacy and Security Rules.
The very same training materials being used by your state
AG are publicly available, including videos and slides
from in-person training sessions that OCR conducted in 2011,
as well as computer-based training modules that can be downloaded
and saved to your own computer. Although developed for state AGs,
the training materials provide a great deal of
information about the content and enforcement of the HIPAA Rules
that may be of interest to you and your employees.
Topics covered in these materials include:
General introduction to the HIPAA Privacy and Security
Analysis of the impact of the HITECH Act on the HIPAA Privacy
and Security Rules
Investigative techniques for identifying and prosecuting
A review of HIPAA and State Law
OCR's role in enforcing the HIPAA Privacy and Security
State AG roles and responsibilities under HIPAA and the HITECH
Resources for State AGs in pursuing alleged HIPAA
HIPAA Enforcement Support and Results
To view Foley Hoag's Security, Privacy and The Law
Blog please click
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Specific Questions relating to this article should be addressed directly to the author.
On March 30, 2013, the U.S. District Court for the District of Columbia issued a decision imposing certain socio-economic contract requirements on subcontractors operating hospitals associated with the University of Pittsburgh Medical Centers.
In 1997, the Virginia Supreme Court sent a chill down the spines of many companies operating under teaming agreements with a Virginia choice of law provision. In W.J. Schafer Associates, Inc. v. Cordant, Inc., 493 S.E. 2d 514 (Va. 1997), that court held a teaming agreement to be unenforceable on the ground that "agreements to agree in the future" are "too vague and too indefinite to be enforced."