Are your medical records a little safer today?
Maybe. But probably not.
After five years and tens of thousands of complaints, Health & Human Services finally put some teeth into their HIPAA Privacy rule, and two weeks ago fined a hospital system in Seattle $100,000 for HIPAA privacy and security violations.
$100,000? That’s more than a fine. That’s a statement.
But is it enough?
Let’s see, the HIPAA privacy rules went into effect in April 2003. There have been dozens and dozens of privacy breaches since then. A few prosecutions. And one fine.
In just the past couple of days:
— There were as many as 500 victims of a privacy breach that occurred in Ft. Bend County, TX, at the local Kelsey Seybold Clinic.
— An unknown number of medical records were stolen at Grady Memorial Hospital in Atlanta, GA.
— A potential database intrusion is alleged to have occurred at Saint Mary’s Regional Medical Center in Reno, NV, with as many as 128,000 records breached.
And only one fine.
And you know, that fine was for events that occurred in 2005 and 2006. Why does it take HHS two years to investigate and levy fines against a hospital system in which several laptops were stolen, which compromised more than 350,000 medical records?
The maximum civil fine that HHS can levy is $250,000. One would think that the theft of 350,000 records would merit more than a $100,000 fine. But it’s a start.
Have a problem getting copies of your or your family’s medical records? Concerned that maybe your medical records aren’t as secure as they could be? Let me know. Post a comment. I can help.