Schneier, Solove on Medical Privacy
In “U.S. Medical Privacy Law Gutted,” Bruce Schneier analyzes the new rules on who gets prosecuted for violating your medical privacy. Answer: fewer people than you’d think or hope:
I’ve been to my share of HIPAA security conferences. To the extent that big health is following the HIPAA law — and to a large extent, they’re waiting to see how it’s enforced — they are doing so because of the criminal penalties. They know that the civil penalties aren’t that large, and are a cost of doing business. But the criminal penalties were real. Now that they’re gone, the pressure on big health to protect patient privacy is greatly diminished.
In “How HIPAA Was Undermined,” Daniel Solove quotes Peter Swire:
Now, seeing that the federal government has created immunity for bad actors, all these people may wonder why they tried so hard to do the right thing.
Solove’s article is worth reading in full.
While the law applies to “fewer people than you’d think or hope,” this is because Congress drafted the legislation to cover fewer people than you’d have thought or have hoped. For some legal analysis and perspective, see this HIPAA Blog post.