OCR Rolls Out HIPAA Training Plan for AGs

State attorneys general will be getting a few lessons in HIPAA. The Office for Civil Rights, the enforcer of the HIPAA privacy and security rules, announced this week training sessions for state AGs to help them in their new authority to enforce the HIPAA privacy and security rules.

The HITECH Act gave state attorneys general authority to bring civil actions on behalf of state residents for HIPAA violations. It also permits the attorneys to obtain damages on behalf of state residents.

Last July, Connecticut attorney Richard Blumenthal's office announced a $250,000 settlement with insurer Health Net and its affiliates regarding a breach of personal health information affecting nearly a half million Connecticut enrollees.

The settlement was a landmark one because Blumenthal's office was the first to cash in on the HITECH-granted authority.

As for the training OCR's sessions will include the following topics:

• General introduction to the HIPAA privacy and security rules
• Analysis of the impact of HITECH on the HIPAA privacy and security rules
• Investigative techniques for identifying and prosecuting potential violations
• A review of HIPAA and state law
• OCR's role in enforcing the HIPAA privacy and security rules
• State AGs' roles and responsibilities under HIPAA and HITECH
• Resources for state AG in pursuing alleged HIPAA violations
• HIPAA enforcement support and results