Regulators have logged dozens, even hundreds, of complaints against some health providers for violating federal patient privacy law. Warnings are doled out privately, but sanctions are imposed only rarely.
Deceased vets’ data has been sent to the wrong widows. Employees have snooped on the records of patients who’ve committed suicide. And whistleblowers say their own medical privacy has been violated.
Laura's Law could provide a middle ground between the old norm of total institutionalization and the new one of total abandonment. But the statute is struggling to reconcile forestalling tragedies with patients' rights.
Breaches that expose the health details of just a patient or two are proliferating nationwide. Regulators focus on larger privacy violations and rarely take action on small ones, despite the harm.
The federal privacy law known as HIPAA doesn’t cover home paternity tests, fitness trackers, or health apps. When a Florida woman complained after seeing the paternity test results of thousands of people online, federal regulators told her they didn’t have jurisdiction.
Yet another health insurer recently reported a massive data breach, affecting the financial and medical information of 11 million people. We asked the head of the federal agency tasked with investigating these issues whether the notion of patient privacy was outmoded.