This Article 
 Bibliographic References 
 Add to: 
HIPAA Security Enforcement Is Here
November/December 2008 (vol. 6 no. 6)
pp. 70-72
Kirk J. Nahra, Wiley Rein LLP
Enforcement has been slow in coming for the administrative simplification rules under the US's Health Insurance Portability and Accountability Act (HIPAA). For more than five years, the Office of Civil Rights in the Department of Health and Human Services (HHS) has been responding to criticism that it has not been enforcing HIPAA's privacy rule as evidenced by its lack of formal enforcement penalties during this period. At the same time, although reports of security breaches continue to grow, no enforcement efforts have occurred related to HIPAA's security rule. This now appears to be changing, at least incrementally, with three new enforcement developments in the information security area. These actions—which include a significant enforcement penalty, an aggressive audit, and a series of security compliance reviews, clearly demonstrate that we've entered a new era for HIPAA enforcement. They also provide healthcare companies with a wide range of useful information about areas of potential concern for security compliance, along with clues as to how the HHS might proceed.

1. J. Vijayan, "HIPAA Audit at Hospital Riles Health Care IT: Industry on Edge After Feds Examine Data Security Procedures at Atlanta Facility," Computerworld,15 June 20007; .

Index Terms:
HIPAA, privacy, security, compliance, privacy interests
Kirk J. Nahra, "HIPAA Security Enforcement Is Here," IEEE Security & Privacy, vol. 6, no. 6, pp. 70-72, Nov.-Dec. 2008, doi:10.1109/MSP.2008.143
Usage of this product signifies your acceptance of the Terms of Use.