HIPAA Breach: Who You Gonna Call?

Everyone knows that you call a plumber for a leaking pipe, a mason for a cracked stonewall, and an electrician to fix faulty wiring. However, when faced with an actual or suspected HIPAA data breach, many folks struggle with determining whom to call. Failure to have contacts lined up ahead of time may pose more than an inconvenience–any delay in bringing in experienced advisors to assist with breach investigation, response and mitigation may result in significant financial and legal consequences. HIPAA covered entities and business associates should have a written breach response policy and protocol. The policy and protocol should provide clear guidance to the covered entity’s or business associate’s…

READ MORE

Can I Be Sued for a HIPAA Violation?

I am asked that question almost weekly. While the answer has traditionally been “no,” the legal landscape is shifting and the risk of being sued continues to increase. Let’s first start with some background. As some of you may know, HIPAA does not include a “private right of action.” This means that an individual may not file a claim against a covered entity or a business associate in order to enforce HIPAA or seek damages in response to a HIPAA violation. For example, a patient is not able to sue a dentist if the dentist fails to distribute a Notice of Privacy Practices or enter into a business associate agreement….

READ MORE