We often forget that state AG’s have jurisdiction under the HIPAA Omnibus Rule to levy fines and penalties against HIPAA covered entities for violations. This is because the Office for Civil Rights has traditionally taken the primary role in enforcing HIPAA. But Horizon Blue Cross Blue Shield of New Jersey (Horizon) was reminded of the AG’s ability to enforce HIPAA when it recently agreed to pay a $1.1 million fine to the New Jersey Division of Consumer Affairs for an incident that occurred in November of 2013  involving the theft of two unencrypted laptops from its offices.
Continue Reading Horizon BCBS of New Jersey Pays State $1.1 million for HIPAA violations