Monday, June 05, 2006

Nothin' from Nothin'

Here it is. The Washington Post story that everyone is talking about, and a ton of reactions from different sources. First the story:

A total of 19,420 grievances have been lodged, the most common allegations including that personal medical details were wrongly revealed. The Bush administration has not imposed a single civil fine and has prosecuted just two criminal cases, one of them in Texas.

And here are a few of the reactions:

From KaiserNetwork

Chris Apgar, president of Oregon health care industry consultant Apgar & Associates, said providers "are saying, 'HHS really isn't doing anything, so why should I worry?'" Privacy advocates say the need to enforce HIPAA will increase if or when the federal government is successful in its effort to implement a system of electronic health records.

From the comments at Slashdot

I'd say the right thing to do is to give the regs more teeth by prosecuting a few of the worst offenses. Basically, make it easy to show how and why disclosures caused damage. This will put people on notice that the government is serious about the regs. If that doesn't work, the regs themselves can be tightened up, hopefully in the context of broader data privacy legislation.

From UPI

Privacy advocates and some health industry analysts say the administration's decision not to enforce the law more aggressively has failed to safeguard sensitive medical records and made providers and insurers complacent about complying...

The Slashdotters seem to have the most to say about this. This is timely, of course, with several other privacy issues on the map right now. It is not really news, though, because the HIPAA cops have a built-in excuse: many parts of compliance are discretionary. While in general it is nice that the primary thrust has been to help with compliance rather than penalize providers, there are egregious offenders out there who should be fined or prosecuted. That HHS has found fewer than a handful means that they are probably not trying all that hard. Wink-wink nudge-nudge enforcement means that the clowns who don't give a damn about handling sensitive information are reinforced in their bad behavior, and the rest of us who are trying to behave in ethical ways are given nothing in return for our efforts.

I truly understand that the current political climate is not very friendly to regulatory enforcement, but you would think that there are some things that everyone, regardless of where they sit on the political spectrum, would like to keep to themselves. Personal health information should be near the top of the list. But perhaps, if our PHI is kept private, the terrorists win. That certainly has been the excuse for every other recent erosion of privacy. It has worked so well everywhere else, why not here?
