Lawsuit seeking to block outsourcing of CDPAP cites HIPAA violations

A lawsuit suggests part of New York's plan to outsource the Consumer Directed Personal Assistance Program (CDPAP) violates federal healthcare privacy laws. The lawsuit filed Monday argues customer data is protected by HIPAA, which stands for Health Insurance Portability and Accountability Act, requires prior written consent from any healthcare customer before the disclosure of identifiable information. A judge issued a temporary restraining order barring the New York State Department of Health from forcing a homecare agency to provide lists of customer data.