Protect and Survive

From Newswise comes this interesting snippet---

CHERYL CAMIN, attorney at GARDERE WYNNE SEWELL: "The Justice Department's recent ruling, which sharply limited criminal liability for violations of the HIPAA privacy rule by individuals and companies, should not be read as letting violators off the hook completely. They may still be criminally or civilly liable under other federal and state laws. If a hospital is found liable for an employee or vendor's mistake, the hospital may seek recourse against them for breach of contract. And this announcement may not be the final word on HIPAA liability, either. Additional interpretations of this and future DOJ rulings will shed more light on who really may be held accountable under HIPAA."

Once again, here in Washington State, as in several other states, we have privacy laws that are a little more fierce than HIPAA, and so pre-empt them. It is important that you include your state privacy laws and guidelines in any HIPAA training that you provide for your employees. It would be a shame to be perfectly in compliance with HIPAA, have a complaint, and still be in violation under state law.