HIPAA violations not drawing fines

The Washington Post reports that since the Health Insurance Portability and Accountability (HIPAA) law went into effect three years ago, only one fine has been levied against a provider. In that time period, exactly 19,420 grievances have been filed with the Department of Health and Human Services. According to the newspaper, the vast majority of cases have been closed.

Passed by Congress in 1996, HIPAA was intended to safeguard the privacy of consumer medical information and increase public confidence in the healthcare system at a time when the idea that personal data might be properly used by providers and insurers began to spread. Hospitals, insurers and providers have been happy with the government's approach, which focuses on "voluntary compliance" rather than more aggressive sanctions. Critics argue that by not enforcing the rules more strictly, health officials run the risk of rendering it irrelevant. Janlori Goldman, Director of the Washington-based Health Privacy Project comments, "I think we're dangerously close to having a law that is essentially meaningless."

- see this article from The Washington Post