No need to fret about absence of prosecutions under HIPAA
Mickey tells me that the lack of fines and prosecutions under HIPAA is not the problem that the Washington Post would have us believe.
In the three years since Americans gained federal protection for their private medical information, the Bush administration has received thousands of complaints alleging violations but has not imposed a single civil fine and has prosecuted just two criminal cases.
The law gave the job of enforcement to HHS, including the authority to impose fines of $100 for each civil violation, up to a maximum of $25,000. HHS can also refer possible criminal violations to the Justice Department, which could seek penalties of up to $250,000 in fines and 10 years in jail.
It is wrong to imply that the law or its enforcement has been useless. This is like putting up a stop sign and complaining that some people continue to go through the stop sign so not much has changed. In fact, doctors are being much more careful about privacy and avoiding the draconian provisions of the law in the early years is the most sensible approach to phasing-in a hugely complicated law.
June 5, 2006
Representatives of hospitals, insurance companies, health plans and doctors praised the administration’s emphasis on voluntary compliance, saying it is the right tack, especially because the rules are complicated and relatively new.
“It has been an opportunity for hospitals to understand better what their requirements are and what they need to do to come into compliance,” said Lawrence Hughes of the American Hospital Association.