This past week, American media picked up on a Pro Publica story of February 27 that echoed what I had noted again four days earlier: there have been relatively few monetary penalties issued by HHS for breaches. As I’ve also noted at times, and despite the serious problem of insider breaches for tax refund fraud, HHS has issued no monetary penalty for failure to prevent an insider breach of that kind. There have also been relatively few criminal prosecutions under HIPAA, although as an HHS spokesperson had pointed out to me, OCR refers cases for criminal prosecution to DOJ.
Now Ontario’s government is also coming under fire.
Olivia Carville reports:
Since the Personal Health Information Protection Act (PHIPA) came into force in 2004, it has resulted in zero completed prosecutions — despite more incidents and high-profile breaches, such as numerous violations of Rob Ford’s hospital records and the anti-abortion activist who snooped into abortion files.
It appears the lack of action has come about largely because the authorities who preside over the act are unsure of the protocols for launching prosecutions and because the government does not believe a recommendation from the privacy commissioner to lay charges is enough to act upon.
Read more on Toronto Star.