Access your Pro+ Content below.
Perspectives: Lack of enforcement undercuts HIPAA
This article is part of the December 2006 issue of Information Security magazine
Without enforcement or financial incentives for compliance, HIPAA is toothless. I recently had an enlightening meeting with some of the physicians at my organization. I originally called the meeting to discuss the upcoming deployment of RFID-based, single sign-on authentication tokens in their department. We were supposed to talk about how this technology was going to make accessing clinical data easier, make our electronic records more secure and provide better HIPAA compliance. It was supposed to be a win-win situation. I was wrong. As I began to explain the benefits of the technology, the head physician cut me off. He bluntly said he didn't believe HIPAA was important and that he would not follow any policies because he didn't believe anyone would indict a physician over a security violation. He said all of the physicians in his area shared their passwords, and sometimes one physician would remain logged in on all of the department's computers so everyone had access to applications. I explained this action was a violation of ...