An investigation by ProPublica and NPR claims that the federal Office for Civil Rights within the U.S. Department of Health and Human Services, tasked with enforcing the Health Insurance Portability and Accountability Act has accumulated data on the companies who have violated patient privacy law but failed to take any punitive action against them. The largest violators are major companies such as the VA, CVS and Walmart, and these companies who have failed their customers by failing to protect their privacy have issued little more than apologies to their victims.
“Although the Office for Civil Rights receives thousands of complaints a year — nearly 18,000 in 2014 — it issues only a handful of financial penalties. The agency posts details online about the fines violators have agreed to pay (fewer than 30 since 2009), as well as a listing of large breaches.”
–ProPublica.Org (Full Story)