Efforts by the federal Office of Civil Rights to investigate data breaches at healthcare organizations are of great concern to security and compliance officers at healthcare organizations. That can represent potential disruption, cost and reputational damage. However, the possibility of a State Attorney General (AG) action is often underestimated and overlooked, according to a recent report from Clearwater, a supplier of cyber risk management and HIPAA compliance solutions.
“State AGs are becoming much more active and now banding together to initiate multi-state suits,” asserts a report by Clearwater’s Mary Chaput, a member of its board directors and formerly its CFO and chief compliance officer. “They are following OCR’s lead and bringing their own actions on healthcare organizations that have violated HIPAA regulations, most recently in cases where there has been a failure to conduct a risk analysis of all information systems that maintain, receive, create or transmit ePHI.”
Source: Health Data Management