Business Associates Beware: First HIPAA Enforcement Action Against a Business Associate

By Adam H. Greene and Rebecca L. Williams

Over at our Learning Center, be sure to check out the new advisory on the first formal enforcement action against a business associate, Accretive Health, Inc., for alleged violations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which was brought by Minnesota’s Attorney General under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  The enforcement action comes after the theft of an unencrypted laptop computer containing approximately 23,500 patients' records, and offers stark reminders both that the HITECH Act’s provisions for business associates currently are in effect, and that state attorneys general and the federal Department of Justice are not bound by the U.S. Department of Health and Human Services’ still-effective forbearance from enforcing the HITECH Act in cases like that of Accretive Health.  You can read more here.