Harsher data protection sanctions are coming - When Apollo wanted to stop Laokoon from warning the Trojans that there were Greek soldiers in the famous Trojan Horse, he sent two giant snakes to kill Laokoon and his sons. Talk about sanctions...

via peterfleischer.blogspot.com/

Peter Fleischer is Google's Privacy General Counsel. In the post above, he writes about increased data breach enforcement across the globe. We recently wrote about 2012 as the year of enforcement here. Peter is not writing specifically about the healthcare industry (i.e. especially since Google Health is no longer with us), but he does have a great perspective as someone who tracks these issues globally, and needless to say, for one of the most powerful corporations on the planet.

There will be blood...the healthcare

industry is well advised to wake-up

and smell the data breaches...2012

will be the year of enforcement.

Many socioeconomic phenomenon manifests themselves in repeatable patterns (e.g. the business cycle, elections, etc.). Right now there is little doubt that privacy is a "hot issue" and is likely to remain so in the foreseeable future. From a policy and enforcement perspective the pendulum is now swinging in the other direction. In other words "there will be blood." The healthcare industry is well advised to "wake-up and smell the data breaches."

 Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

The consulting firm that lost a laptop computer with medical data on 23,500 Minnesotans last summer has been sued by Minnesota Attorney General Lori Swanson, who says it violated health privacy laws and state consumer protections.

via www.startribune.com

Many are asking whether 2012 is going to be the year of HITECH Act enforcement and I believe that there are many signs that point in that direction.

• The States are starving for revenue and suits against large covered entities and business associates could be used to fill up the coffers. Most of these cases will settle so state AG's may not even need to use significant resources to get the money. Nice work if you can get it.
• KPMG will continue its "mandatory audit" program under contract with HHS. Early findings may provide significant fodder for HHS to kickstart its virtual money machine (fines levied go into HHS coffers).
• We are going to continue to see high profile breaches and this will put additional pressure on HHS to "DO SOMETHING." Pressure is likely to come from Congress as they get sick of getting beat up by consumer advocacy groups.
• HHS will deliver the final version of the NPRM released in July 2010 (i.e. the "Omnibus Rule") which is likely to set the stage for enhanced enforcement (e.g. against business associates).

Everyone, including HHS, understands that HIPAA prior to the HITECH Act was unenforced. The HITECH Act was meant to send a message that there was new sheriff in town. In 2012 HHS will start to deliver the message.

 Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?