Skip to Main Content
Services Talent Knowledge
Site Search


Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

January 23, 2008

HIPAA Privacy and Security Update

This Legal Alert discusses recent updates regarding the Privacy and Security regulations promulgated under the Health Insurance Portability and Accountability Act (HIPAA).

The Department of Health and Human Services Office of Civil Rights (OCR) has received 32,487 complaints regarding the HIPAA Privacy regulations. It has referred 419 cases to the Department of Justice (DOJ) for criminal investigation. In addition, OCR has referred 215 cases that may represent potential violations of the HIPAA Security regulations to the Centers for Medicare and Medicaid Services (CMS). CMS has also announced that it will begin on-site reviews of hospitals' compliance with the Security regulations, expecting to review 10 to 20 hospitals in the next nine months. The first reviews are expected to be of hospitals where CMS has received complaints about security practices and larger hospitals nationwide. Remote access to data and use of portable storage devices are among the issues that CMS is expected to review.

In addition, a New York State appellate court recently ruled that punitive damages may be imposed on a health care provider for unintentional but grossly negligent and/or reckless breaches of confidentiality or breaches that show callous indifference to a patient's right to confidentiality, where the breach has the potential to cause significant harm to the patient. The court stated that the right of patients to privacy of protected health information is so important a public policy that even an inadvertent breach might in some cases warrant punitive damages. The defendant in the case discussed with a patient's mother information regarding the patient, which led the mother to surmise that her daughter had had an abortion at defendant's clinic. Punitive damages are not always covered by malpractice insurance. Providers dealing with patients under care of a very sensitive nature (HIV-related illness, abortion, sexually transmitted diseases, mental health issues, alcohol and substance abuse treatment, etc.) should be particularly mindful of this case, as it is likely that the disclosure of those types of information might lead to the same analysis by a jury or court.

For providers, these developments further support the need for a sound HIPAA compliance plan. Ensuring compliance before a complaint or investigation is far more effective, and much less expensive than defending an investigation or other review. Hiscock & Barclay, LLP has experience in assisting providers with HIPAA-compliance efforts, including the provision of training, and with responding to regulatory reviews and investigations.

Should you need assistance in these matters or in the development or update of a HIPAA compliance program, please contact Melissa M. Zambri, Partner in the Firm's Health Care and Human Services Practice Area.


Click here to sign up for alerts, blog posts, and firm news.

Featured Media


COVID-19 Business Interruption Update: New York High Court Affirms in Favor of Insurer


USFWS Introduces General Permit for Bald and Golden Eagle Incidental Take


ORES Executive Director Issues First Denial of Section 94-C Permit Application Following Applicant's Partial Loss of Site Control


New Details About OPWDD Spending in the New York State FY 2025 Executive Budget


Second Circuit Reverses in Favor of Insured in $600,000 Fire Loss Case


New York State Minimum Wage Increases Are Here: Are You Compliant?

We're Growing in DC!

We’re excited to announce Barclay Damon’s combination with Washington DC–based Shapiro, Lifschitz & Schram. SLS’s 10 lawyers, three paralegals, and four administrative staff will join Barclay Damon while maintaining their current office in DC’s central business district. Our clients will benefit from SLS’s corporate, real estate, finance, and construction litigation experience and national energy-industry profile, and their clients from our full range of services.

Read More

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out