State Laws Are Beginning To Impact HIPAA Privacy Programs
- Results from the 2019 HIPAA Compliance Benchmark Survey Reportâ„¢ provide actionable insights for providers.
- Some providers have already had incidents relating to state privacy laws.
In the 2019 HIPAA Compliance Benchmark Survey™ nearly two-thirds of respondents reported they had not yet felt the impact from state or local privacy laws. However, three percent reported that they had incidents relating to and/or experienced enforcement actions as result of these laws. Additionally, the survey results found that about one-third of participants were responding to state privacy laws by making changes in their information privacy programs. Catie Heindel, JD was a key developer of the survey, and was also responsible for analyzing and reporting the results. Ms. Heindel explains that several states have enacted state specific actions and legal mandates related to patient privacy, and even more are considering similar legislation. As a result, many of her clients have requested assistance in adjusting their health information privacy program’s planning and training in anticipation of new and revised state and local laws. Ms. Heindel warned that those with even limited operations in states with privacy laws must comply with such laws. She reminds everyone that State Attorney Generals can bring actions against organizations under most state privacy laws, and are permitted to enforce HIPAA if a breach affects individuals in their state. Attorney General enforcement under both state privacy laws and HIPAA have become an emerging trend in the past few years. She advises privacy officers to keep close tabs on changes in the regulatory landscape that impact their organization and the patients they serve.
More information on the results of the 2019 Compliance Benchmark Surveyâ„¢ can be found at: https://www.compliance.com/publications/2019-hipaa-compliance-survey-report/.
