Enforcement of Privacy Laws: A Freight Train is Coming
European Privacy Law And Social Networking: Privacy Law Blog. This post is a good indication of why privacy on the internet is not only front and center as a national issue in the U.S. but is a concern internationally as well.
Online businesses need to start paying more attention to these issues, including (and especially) any health care sites. As a privacy attorney I have spent quite a bit of time lately reviewing in depth the FTC Red Flags Rules and the HITECH Act's impact on HIPAA.
I can assure readers that any lax enforcement of privacy laws on the part of government agencies is a thing of the past. The HITECH Act's Subtitle D (Privacy) clearly transforms HIPAA from a paper tiger into one with visible teeth. Here's a brief summary of relevant changes to HIPAA under HITECH:
- HHS Mandatory Audits
- Business Associates are explicitly required to comply with HIPAA's Privacy and Security Rules.
- State Attorneys General are authorized to bring a civil action on behalf of residents.
- Funds from civil fines will go into the coffers of HHS' Office of Civil Rights (this alone is a game changer).
The point is that across the board, whether it is HHS or the FTC, government agencies are becoming increasingly aggressive in their enforcement actions. There is a regulatory freight train coming at the end of the tunnel unlike anything we have seen since Sarbanes-Oxley (aka SOX).







