State Attorneys General Not Leaping to Embrace HIPAA EnforcementSeptember 20, 2011 – In The News
Only two state attorneys general have pursued the authority Congress gave them two years ago to prosecute privacy and security breaches of health information — despite training from federal agencies and a consensus among privacy groups that enforcement needs to improve.
The expansion of authority to state attorneys general in part reflected a general disappointment among privacy groups in federal performance regarding HIPAA violations.
One of the reasons for the lack of HIPAA enforcement on the AG's side is that they may choose to go through their own consumer protection statutes and privacy laws. Some legal authorities are surprised at the low number of prosecutions because of the potential for HIPAA cases to garner media attention for elected officials.
Michael Kline said attorneys general would likely be recognized for going after what he called "big bad faceless insurance companies."