For the first time, to my knowledge, there is a lawsuit invoking the new provisions of the HITECH Act -- Connecticut Attorney General Richard Blumenthal filed a lawsuit against Health Net for violating HIPAA requirements. HIPAA of all things! One of the oldest info/data protection regulations and one that historically has had no real bite to it (and thus has not been taken as seriously as other regulations like PCI-DSS).
The lawsuit came about because last month a portable hard drive was lost or stolen from Health Net and it contained protected ePHI (electronic protected health information) – things like social security numbers, bank account info, etc. The data on the hard drive included 25 million scanned pages of documents: insurance claim forms, membership forms, grievances, medical records, etc. Naturally, the data was not encrypted. It also wasn’t restricted or protected from access by unauthorized staff. Therefore, the CT AG filed suit claiming that Health Net failed to:
· Ensure the confidentiality and integrity of ePHI
· Supervise and train its workforce on policies and procedures regarding ePHI
· Promptly notify authorities and residents of the breach
How many more of these horror stories are we going to bear? This stuff can be avoided by following some very straightforward and relatively simple procedures. Do business leaders realize how expensive these new HITECH requirements can be -- especially with the all-important precedent now set? Think about all the time and money this is going to cost Health Net, not to mention hits to their reputation, the enormous legal fees they’re facing… and what will happen to their insurance rates and policies now? Is this the event the HIPAA world has finally been waiting for?
How many other organizations will face something just like this in the future? Have you implemented policies and procedures to ensure compliance with the HITECH requirements? Have you trained your employees on new requirements (or even the “old” HIPAA requirements) and implemented an ongoing awareness training program? A survey in November 2009 by ID Experts revealed that 1/3 of business associates were not aware they need to adhere to the new security and privacy requirements – let me repeat that… 1/3 were not even AWARE. The survey also revealed that 50% of hospitals would terminate contracts with business associates for any ePHI violation or not adhering to the standards. Will these new HITECH requirements be the catalyst for HIPAA? Will the HITECH requirements be the next PCI-DSS? Let me hear from you – what are you doing about this, if anything?