Monday, September 12, 2005

La Belle Dame Sans Regrets

From the article in ComputerWorld cited below:

"HIPAA provides for civil penalties of up to $25,000 and criminal penalties of up to $250,000 per year for noncompliance. But the CMS initiates an enforcement process only if a complaint is filed against a company.
As a result, many businesses are unwilling to invest the money and resources needed to comply, said James Bragg, a former HIPAA security officer at a Tulsa, Okla.-based hospital. Bragg said he was laid off earlier this year after he had implemented 'very basic levels of access and audit controls' for the hospital."

Oh, very nice. This is akin to putting your fingers in your ears and chanting "lalala"--- I hope this hospital and others like it find their happy place, because the process is complaint-driven. All it takes is one disgruntled employee--- like, for instance, the HIPAA guy they laid off--- to blow the whistle, and they will be paying lawyers instead of compliance officers. We may be expensive, but few of us bill by the hour.

