European Privacy Law And Social Networking : Privacy Law Blog. This post is a good indication of why privacy on the internet is not only front and center as a national issue in the U.S. but is a concern internationally as well.
Online businesses need to start paying more attention to these issues, including (and especially) any health care sites. As a privacy attorney I have spent quite a bit of time lately reviewing in depth the FTC Red Flags Rules and the HITECH Act's impact on HIPAA.
I can assure readers that any lax enforcement of privacy laws on the part of government agencies is a thing of the past. The HITECH Act's Subtitle-D (Privacy) clearly transforms HIPAA from a paper tiger into one with visible teeth. Here's a brief summary of relevant changes to HIPAA under HITECH:
- HHS Mandatory Audits
- Business Associates are explicitly required to comply with HIPAA's Privacy and Security Rules.
- State Attorneys General are authorized to bring a civil action on behalf of residents.
- Funds from civil fines will go into the coffers of HHS' Office of Civil Rights (this alone is a game changer).
The point is that across the board, whether it is HHS or the FTC, government agencies are becoming increasingly aggressive in their enforcement actions. There is a regulatory freight train coming at the end of the tunnel unlike anything we have seen since Sarbanes-Oxley (aka SOX).
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.