Rafal Los blogs on Digital Soapbox – Down the Security Rabbit Hole! about who really pays the fines when a hospital is fined as a result of a data breach:
When information is lost, the first thought often is to fine, fine, and fine again these institutions we find to be negligent in either securing their patients’ data, or reporting the breaches. The problem comes in when the fines actually start hitting, and you come to realize who’s really paying them. I’m all for levying large fines against institutions who neglectfully lose my patient health records, but is it really in my interest to fine the institution large sums when the costs will most likely simply be passed along back to me as the patient?
You can read his entire commentary here.