Yes--HIPAA provides a mechanism for fines to be levied against (most) healthcare organizations that suffer data breaches through the office of civil rights (OCR), with a public reporting of organizations that have been penalized.
> Yes--HIPAA provides a mechanism for fines to be levied against (most) healthcare organizations that suffer data breaches through the office of civil rights (OCR), with a public reporting of organizations that have been penalized.
Unfortunately, HIPAA is an incredibly rigid, incredibly broad law, and it's applied to a field in which security practices are incredibly inconsistent.
As a result, HIPAA violations are pretty commonplace, and the vast majority are never reported to HHS, let alone penalized.