By Charles Ornstein
The Washington Post
December 30, 2015
Here is an excerpt:
In each story, a common theme emerged: HIPAA wasn’t working the way we expect. And the agency charged with enforcing it, the HHS office for civil rights, wasn’t taking aggressive action against those who violated the law.
We all know HIPAA, whether we recognize the acronym or not. It’s what requires us to stand behind a line, away from other customers, at the pharmacy counter or when checking in at the doctor’s office. It is the reason we get privacy declaration forms to sign whenever we visit a new medical provider. It is used to scare health-care workers, telling them that if they improperly disclose others’ information, they could pay a steep fine or even go to jail.
But in reality, it is a toothless tiger. Unless you’re famous, most hospitals and clinics don’t keep tabs on who looks at your records if you don’t complain. And even though the civil rights office can impose large fines, it rarely does: It received nearly 18,000 complaints in 2014 but took only six formal actions that year. A recent report from the HHS inspector general said the office wasn’t keeping track of repeat offenders, much less doing anything about them.
The story is here.