On September 11, 2023, a significant event took place in the public health sector in the United States. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an unprecedented resolution agreement and corrective action plan (CAP) with L.A. Care Health Plan, the nation’s largest public health plan, following investigations over potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This shocking development sees HHS imposing severe corrective measures against a high-profile entity in the public health arena. JD Supra shared detailed insights on the issue.
The headaches for L.A. Care Health Plan are unlikely to decompress soon, with the least of their woes being a hefty $1.3 million fine. While this charge might not break their bank, staying in line with the rigorous regulations in the CAP will no doubt prove to be an immensely challenging undertaking.
The underlying concern raises paramount questions about operational conduct, privacy and information security issues that might be lurking in the public health plans of other similar entities – an alarm that should not be taken lightly given the massive amounts of sensitive personal health information involved. This precedent set by the HHS OCR may well dictate the degree of scrutiny public health plans might face in the near future.
This level of heavy-handed enforcement action by the HHS OCR emphasizes the gravity with which potential HIPAA violations are viewed. It sends a clear signal to other healthcare providers, encouraging strict adherence to the HIPAA Privacy, Security, and Breach Notification Rules. Thus, legal professionals and entities operating in the healthcare sector need to be cognizant of the serious repercussions of any lapse in enforcing stringent privacy and security controls effectively.