In 1996, when the Health Insurance Portability and Accountability Act (HIPAA) came into effect, organizations did their best to comply. However, because HIPAA breaches are prosecutable under civil statutes and not considered criminal, HIPAA requirements were like setting a speed limit with no police officers to hand out speeding tickets. Recognizing the lack of specificity in the regulations and the absence of any teeth in its penalties, President Obama signed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The HITECH Act mandates stricter data protection regulations for improved patient privacy and data security. Moreover, when patient privacy has been violated, Attorney Generals can initiate criminal proceedings.
展开▼