HIPAA Blog

[ Monday, June 05, 2006 ]

HIPAA Unenforced? Calling Fox Butterfield. You've probably already seen the Washington Post story on how "the Bush administration" is failing to enforce HIPAA. Why so little enforcement? Perhaps it's because the law purports to fix a problem that wasn't really a problem. Almost every single player in the healthcare industry scrupulously protects the patient information it holds. Sure, there are a few really bad eggs that misuse information, but mostly those are individual scammers and criminals who just happen to be in healthcare; they would steal information if they worked at the DMV or for a retailer. By and large, virtually all physicians and hospitals are pretty damned diligent about keeping PHI under wraps. HIPAA helps keep everyone's eye on the ball and makes the players "think" about privacy, but there just wasn't a huge problem that needed HIPAA to fix it.

Secondly, the entire enforcement aim of HIPAA is to protect the information, not send otherwise good players to jail. Since there wasn't a big problem to begin with, would you be surprised to find that most of the problems that do come up are easily fixed with just a little counseling and training? Why would anyone be surprised that a law intended to fix a non-existent problem is "essentially meaningless"? I wouldn't expect anything but.

You could pass a law that anyone exceeding 250 miles per hour on a public street would automatically be given a 20 year non-probatable sentence; would you complain if after three years, nobody had yet been sentenced? Perhaps it's because nobody is driving 250 miles per hour.

Who (or what) is Fox Butterfield, you ask? He's a NY Times reporter famous for wondering how crime rates could be dropping when prison populations keep rising. This isn't exactly the same, but it's pretty close.

Here's a better question: it seems to me that there have been precious few, if any, cases prosecuted under the Patriot Act. Why isn't the Washington Post complaining that the Patriot Act isn't being enforced enough? Surely the Patriot Act was enacted to address a much more serious issue than HIPAA; why won't the Washington Post bemoan its underenforcement? Actually, wouldn't you want more vigorous, zealous pursuit of terrorists than of hospitals who don't do enough to keep your gall bladder information out of public hands?

Jeff [4:16 PM]

Comments:

Hey Jeff, I found your article through the WaPo "blogs linking here" thing, and I'd just like to say that I completely agree with you, and have written a detailed post on why exactly the WaPo article was full of bologna that serves as a nice supplement to your take on it.

# posted by

Rian : 10:58 PM