Monday, February 5, 2007

Do Lax Privacy Violations Enforcement Makes HIPAA Toothless?

(from Med-Privacy Mailing list)
In the three years since the enforcement provisions of the HIPAA Privacy Rule went into effect, more than 21,000 complaints alleging privacy violations have been filed with the Office for Civil Rights at HHS. Yet only 2 criminal cases have been filed and NO fines have been assessed in response to any of those complaints.

Congress’ intent in passing the HIPAA statute in 1996 was to create strong protections for patients' privacy. Yet ten years later, patients' most sensitive information is more exposed and vulnerable than ever before. Lax enforcement, inadequate penalty provisions and HHS amendments in 2002 turned HIPAA into an act that allows patients' most sensitive information to be shared without their permission and without penalty for improper use.

No comments: