Justice Department Opinion Muddies Privacy Rule Enforcement
(July 11, 2005)

Press reports, particularly from the New York Times, characterized a recent Department of Justice opinion as cutting back on enforcement of the HIPAA privacy rule.

But that characterization is incorrect, contends Mark Lutes, an attorney specializing in health care law and a partner at the Washington law firm Epstein, Becker & Green. "A covered entity and the managers of a covered entity cannot conclude from the opinion that with impunity they can ignore facts and situations that could lead to a HIPAA privacy violation," he says.

What's certain is the opinion is confusing. It was issued in June at the request of the Department of Health and Human Services' general counsel and the senior counsel to the deputy attorney general in the Justice Department.

The counsel asked for clarification of the scope of section 1320d-6, which is the criminal enforcement provision in the HIPAA statute, in instances of violation of a patient's privacy. Three weeks following the opinion, HHS attorneys still were analyzing it and were not ready to comment on how the department would interpret the opinion.

A story in the August issue of Health Data Management walks through the Department of Justice opinion and its potential ramifications.

Posted to HIPAAcomply 7/11/05