Connecticut Attorney General Richard Blumenthal entered a brave new world yesterday, as the first state AG to file a HIPAA enforcement action under the "Son of HIPAA" amendments found in the HITECH Act. Among other HIPAA changes made in the new law (all of which should be of concern to health care providers, health care payors, health care clearinghouses -- "covered entities" or CEs -- and their "business associates" -- vendors who touch electronic protected health information or ePHI), there is a provision that permits state attorneys general to file HIPAA enforcement actions on behalf of the people of their state, in order to protect their interests, and to seek injunctive relief and/or money damages. See Sec. 13410(e) of ARRA (p. 160 of HR 1 PDF).
These claims are consumer protection claims, a familiar territory for state attorneys general.