HIPAA Compliance and the FTC: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Richard D. Dvorak

On June 6–7, 2012, I attended the NIST/OCR HIPAA Security Rule Conference at the Ronald Reagan Center, Washington, DC. The Federal Trade Commission’s Division of Privacy and Identity Protection led one of the sessions. I feel it is important to share with you, in case you may not be aware, that the FTC is also involved with the protection of protected health information (“PHI”).

The FTC Act, 15 U.S.C. 45 §5, prohibits unfair and deceptive trade practices. In June 2009, the FTC issued a complaint against CVS Caremark Corporation (CVS Pharmacy) for having failed to adequately protect PHI and train its workforce. The complaint resulted in a $2.25 million fine against CVS. In addition to the monetary fine, CVS has agreed to be monitored by the FTC for 20 years. The FTC seized on language in CVS’s privacy notice that stated, “Nothing is more central to our operations than the protection of your health information.” CVS was not properly protecting PHI when disposing of PHI, and the FTC took the position that failing to do so, after having said that they would protect PHI, was a deceptive trade practice.

The information presented at the conference not only brought to light that governmental agencies other than DHHS and the Office of Civil Rights are involved in the protection of PHI, but also amplified the message here at Veterans Press and the consultants and attorneys at EMR Legal, Inc., and Tomes & Dvorak, Chartered: the importance of well written policies and procedures and workforce training. Prevent your organization from being on the receiving end of any FTC, or other governmental agency, complaint and fine—and possible criminal prosecution—by implementing HIPAA compliant written policies and procedures, such as those available from Veterans Press in the HIPAA Compliance Library and on the Premium Member section of the Veterans Press website. Also, watch for the forthcoming book by Jonathan P. Tomes, the working title of which is “HIPAA Policies and Procedures.” Stay tuned for information about when the book and the accompanying CD will be available for you to buy. Also, if you know or even suspect that you need major help with your HIPAA compliance efforts, consider joining us for our two-day seminar May 9-10, 2013, here in Kansas City, called “Complete HIPAA Compliance: Hands-on Workshop.”

seo by: k.c. seo