For some, the subject of healthcare litigation may conjure medical malpractice or other actions involving the provision of medical care. The healthcare industry is far more complex, of course, and healthcare litigation can encompass a wide range of legal areas, including fraud, contract claims, employment discrimination, and violations of various state and federal statutes. Indeed, many issues that arise in healthcare matters are familiar and recognizable from other areas of business or commercial litigation. But given the unique nature of the medical provider-patient relationship, the confidential nature of patient information, and state and federal regulatory schemes, healthcare litigation often involves issues that require input from litigators who are well-versed in healthcare law and business disputes. HIPAA compliance is an area where counsel might be engaged to advise healthcare entities in order to avoid protracted administrative litigation or enforcement actions.
HIPAA violations occur when there is “a failure to comply with any aspect of HIPAA standards and provisions detailed in 45 CFR Parts 160, 162, and 164.” Violations include the unauthorized disclosures of protected health information (PHI), breaches of patient confidentiality, failure to conduct risk analysis, and more. A client’s failure to adhere to HIPAA’s rules and regulations can lead to serious legal or remedial enforcement actions that include significant civil penalties. While HIPAA does not provide for a private right of action, the U.S. Office of Health and Human Services Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules, which apply to both healthcare providers and health plans (covered entities) and their business associates. Business associates and subcontractors are areas of special concern.