With only a single conviction since its inception in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is failing to meet its own mandate, says IT research firm Info-Tech Research Group.

"HIPAA is a toothless tiger," says Info-Tech analyst Ross Armstrong. "The first problem is that HIPAA is complaint driven, and complaint-driven enforcement doesn't work. The second problem is that in the one HIPAA-related conviction that has occurred, only the individual was charged, not the organization itself."

"If HIPAA is to be truly protective and useful, healthcare entities and their executives must be held accountable in the same way that Sarbanes-Oxley holds CEOs and CFOs responsible."

Armstrong also points out that U.S. agencies' commitment to enforcing HIPAA is shaky. A report from the Government Accountability Office says that the FBI could not account for all of the $379 million it was given from 2000 to 2003 in order to investigate HIPAA-related frauds. Some of the money was shifted to counterterrorism efforts, but no one could verify that the remaining HIPAA funds were properly spent.

"One conviction that netted $9,000 in penalties hardly seems worth an investment of over a third of a billion dollars," says Armstrong. "Without proper government agency oversight, it comes as little surprise that there has been only one HIPAA conviction."

Armstrong says that the enforcement of HIPAA is weak compared to other privacy laws such as the Fair Credit Reporting Act, which earlier this month fined data broker ChoicePoint $10 million for a security breach that resulted in the theft of 160,000 consumer records.

The bottom line is that for HIPAA to be effective, it needs to be enforced with the same vigor that's dedicated to other laws.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access