Feds to Train State AGs To Enforce HIPAA

The Department of Health and Human Services' Office for Civil Rights will host four regional meetings to train staff from state and territorial attorneys general offices on enforcement of the HIPAA privacy and security rules.

Speaking March 9 at the National HIPAA Summit in Washington, Susan McAndrew, deputy director for health information privacy at OCR, said the office would pay all expenses for two members of each attorney general office, HealthcareInfoSecurity.com reports.

The HITECH Act gives attorneys general authority to enforce the privacy and security rules through civil actions. In a statement on its Web site, OCR welcomes collaboration with attorneys general seeking to bring actions to enforce the rules, and will provide information upon request about pending or concluded OCR actions against covered entities or business associates related to state investigations.

The training sessions will provide an overview of the privacy and security rules and related HITECH Act provisions, investigative techniques for identifying and prosecuting potential violations, a review of HIPAA and state laws, OCR's enforcement role, state attorneys general roles and responsibilities under HIPAA and HITECH, resources for states in pursuing alleged violations, and HIPAA enforcement support and results.


Synergy Solutions can review your network security and data backup procedures. 

HIPAA procedures are now a part of “Meaningful Use” under the HITECH act.  HIPAA policy and procedure must be in place for reimbursement.  Combine HIPAA with potential Red Flag rules and your practice has more public liabilities than ever.  Now the Federal Government is training state attorney generals to enforce the laws.

 We will soon have the HIPAA police.

When Is The Last Time You Reviewed Your HIPAA Policy?

Call Synergy Today To Help You Become HIPAA Compliant.

HIPAA Is Now Part Of “Meaningful Use”

HIPAA Security Rule and Electronic Data Backup


A number of the Security Rule’s standard and specifications apply to the backup and safekeeping of electronic data. Covered Entities must have a contingency plan and:


Establish (and implement as needed) policies and procedures for responding to an emergency or other

occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information (Administrative Safeguards - §164.308(a)(7)(i)).


This contingency plan must be implemented as follows:


(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact

copies of electronic protected health information.

 (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of


 (C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable

continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.


Call Synergy Today To Help You Become HIPAA Compliant.

Text Box: Disaster Recovery in Healthcare Organizations: The Impact of HIPAA Security

What You

 Do Not Know Can Hurt You!


Click HERE For A

PowerPoint Presentation  On:


The New


Now Have

REAL Penalties