A recently announced CVS settlement agreement and newly enacted amendments to the Privacy & Security Standards of the Health Insurance Portability & Accountability Act (“HIPAA”) require that health care providers, health plans, health care clearinghouses and their business associates review and tighten their practices governing the use, protection and disclosure of protected health information (“PHI”) to guard against growing liability exposures under HIPAA and other federal and state laws. Business associates that have not already done so also must appoint privacy officers and adopt and implement privacy and data security policies and procedures fully compliant with HIPAA and other applicable federal and state rules.
