HIPAA has no bite

In yesterday’s Washington Post, an article by Rob Stein pointed out the shortcomings of the Health Insurance Portability and Accountability Act (known as HIPAA)–a law with a significant impact on facilities where patient privacy is a concern (medical offices, pharmacies, etc.) Stein writes,

In the three years since Americans gained federal protection for their private medical information, the Bush administration has received thousands of complaints alleging violations but has not imposed a single civil fine and has prosecuted just two criminal cases.

The government has “closed” more than 73% of the cases — more than 14,000 — either ruling that there was no violation, or allowing health plans, hospitals, doctors’ offices or other entities simply to promise to fix whatever they had done wrong, escaping any penalty.

While praised by hospitals, insurance plans and doctors, the approach has drawn strong criticism from privacy advocates and some health industry analysts. They say the administration’s decision not to enforce the law more aggressively has not safeguarded sensitive medical records and has made providers and insurers complacent about complying.

The full article can be found here.