HIPAA Enforcement: Who's in Charge? - Health Works Collective

HIPAA Enforcement: Who’s in Charge?

The recent

The recent FTC decision in the LabMD case (pdf) (full docket here) has HIPAA-watchers scratching their heads, tugging their beards, and generally wondering about reconciling FTC-style litigation-based regulation with OCR-style rule-based regulation of health care data privacy and security.

Here’s my take: For a covered entity or business associate that has all its ducks in a row – HIPAA Privacy, Security and (for Covered Entities) Breach Notification policies and procedures, a completed risk analysis, training and testing of workforce documented – FTC regulation should not be problematic. I think that the FTC would be hard-pressed to find an entity that is in compliance with HHS HIPAA rules and relevant state law to be in violation of the FTC Act’s prohibition of “unfair … acts or practices.”

The FTC does not have specific rules in place in this area, and is not likely to promulgate rules (it has rules in place for PHR breach notification, under the HITECH Act, but that is outside of HIPAA jurisdiction). The FTC regulates unfair acts or practices by filing complaints and dealing with violations of its basic statute on a case-by-case basis. It is not unreasonable for the FTC to assert that it has overlapping jurisdiction with OCR jurisdiction under HIPAA. Fines under the FTC Act are limited to $16,000 per violation (as opposed to the maximum fine of $1.5 million under HIPAA).

The FTC asserting jurisdiction should be of concern for entities subject to HIPAA that are not in compliance with HIPAA – like LabMD in this case.

Ultimately, however, the question arises: What would the FTC do in any particular case that OCR would not already do? If both are actively enforcing HIPAA, then I would conclude: not much.

The same question arose when state attorneys general were given permission under HITECH to enforce HIPAA violations. State AGs and the OCR often came up with parallel enforcement plans, so the value of the added enforcement agency appears to be limited. Of course, this may change over time if OCR enforcement scales back, the office is defunded, etc. In such a scenario, the federales may conclude that double-teaming the bad guys wasn’t such a bad idea after all.

Bottom line: Comply with the rules, rather than worrying about who has the authority to nail you when you don’t.

Super Nurse: 4 Pointers to Help You Become a Truly Extraordinary Nurse

Bridging The Gap In Multi-Generational Medical Marketing

How to Monetize Mobile Healthcare Apps

Marketing Advantages Of Private – Non-Profit Partnerships

How to Monetize Mobile Healthcare Apps

How Budget Cuts are Affecting Mental Health Care

Mid-Year Update: 4 Major Payer Trends

Choosing a Different Peer Review Vendor

Super Nurse: 4 Pointers to Help You Become a Truly Extraordinary Nurse

Truth From Comedy: ZDogg Does for Medicine What Late Night Is Doing for Politics

Cost of Non-Compliance with HIPAA and HITECH

Balancing Smart Data With Cybersecurity for Hospitals

Patient-Generated Health Data: a Shift in Care Delivery?

Predictive Analytics and Data Mining Reduce Healthcare Costs and Improve Outcomes

Technology’s Vital Role in Healthcare Improvements

Truth From Comedy: ZDogg Does for Medicine What Late Night Is Doing for Politics

Patient-Generated Health Data: a Shift in Care Delivery?

Cybersecurity in Healthcare: What’s Working?

7 Steps to Selecting the Right HIPAA Approved Cloud Fax Service

What Are the Limitations of Big Data in Healthcare?

Patient-Generated Health Data: a Shift in Care Delivery?

How Secure Messaging Makes Patient Portals More Engaging?

Care On The Road: How Telemedicine Can Reach Truck Drivers

The 4 Best Apps for People with Diabetes

Patient-Generated Health Data: a Shift in Care Delivery?

How Financial Barriers are Slowing Down Telehealth Adoption

3 Doctor’s Telemedicine Questions Answered

Is Working in Telemedicine a Good Option for You?

Truth From Comedy: ZDogg Does for Medicine What Late Night Is Doing for Politics

How Online Reviews Can Destroy A Physician’s Life

Top 4 Branding Ideas For Yoga Teachers

How Social Media Can Boost Your Medical Site

6 Benefits of Robotic Surgery

Biotech is Game Changer in Cancer Treatment Advances

How to Monetize Mobile Healthcare Apps

Predictive Analytics and Data Mining Reduce Healthcare Costs and Improve Outcomes

Technology’s Vital Role in Healthcare Improvements

All You Need To Know About Patient Portals

Is Telehealth A Viable Solution To The Dentist Shortage?

How Artificial Intelligence is Merging With Diagnostic Imaging

6 Benefits of Robotic Surgery

Technology’s Vital Role in Healthcare Improvements

How Can AI Help in the Fight Against Cancer?

Is Telehealth A Viable Solution To The Dentist Shortage?

Cost of Non-Compliance with HIPAA and HITECH

Microsoft Aims to Transform Healthcare Using Artificial Intelligence and Machine Learning

New Study Links Infertility to Flame Retardants in Furniture and Carpet

Is Genetics Behind Your Motivation to Exercise?

Symptoms of Serotonin Imbalances You Need to Know

Biotech is Game Changer in Cancer Treatment Advances

Be Prepared: Readying Your Facility For Alcohol Related Treatment

How Can AI Help in the Fight Against Cancer?

4 Symptoms of Collagen Deficiency After 50

Peripheral Vascular Stenting to 2020

In Praise of FDA Collaboration: The Cardiac Safety Example

The Role of Ultrasound Guidance in Heart Valve Procedures

Q&A Part Two: Technology & Healthcare Efficiency—Not Always the Perfect Match

Why Primary Care Physicians Are the Next Phase in CCRC Care

The Dos and Don’ts of Handling Elderly Patients

Five Fields In Healthcare That Are Quickly Growing

Addressing the Phenomenon of “Pill Mill” Doctors

Should You Recommend Bariatric Surgery to Obese Patients?

Do it like Disney: Developing Orthopedic Centers of Excellence

Lessons on Building a Great Ortho Team from The Avengers

What Orthopedic Patients Want this Holiday Season

Use The Force: 4 Ways to Improve Orthopedic Service Lines

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

Your Journey to Being Healthy Inside and Out

Using the D Word: Discussing Death and End of Life Care With Patients

Be Prepared: Readying Your Facility For Alcohol Related Treatment

5 Most Stressful Corporate Jobs That Lead to Addiction

Mental health: How Clutter Affects Your Brain And What Can You do About it

Dr. Oz Claims Acupuncture Can Be Great for Weight Loss

The Benefits of Providing Homecare in Your Health System

Omega-3s Are Way More Important Than You Thought—Here’s Why

Super Nurse: 4 Pointers to Help You Become a Truly Extraordinary Nurse

Using the D Word: Discussing Death and End of Life Care With Patients