Kimberly Leonard reports:
Only two state attorneys general have pursued the authority Congress gave them two years ago to prosecute privacy and security breaches of health information — despite training from federal agencies and a consensus among privacy groups that enforcement needs to improve.
[…]
Experts blame a variety of factors for the apparent disinterest — the newness of the law, state budget constraints, conflicting priorities, even high rates of HIPAA compliance by health care providers. They also believe state attorneys general may have chosen to prosecute such cases under state privacy and security laws rather than the federal HIPAA law.
Read the full coverage on the Center for Public Integrity’s iwatch