The U.S. may use the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to enforce strict rules against the unauthorized sharing of medical records, but findings published by ProPublica uncover privacy breaches, suggesting that the government has neglected to enforce laws and to track repeat offenders.
While regulators continue to log hundreds of complaints against some health providers for violating federal patient privacy law, companies say they take privacy seriously. As warnings are doled out, few sanctions are imposed, according to the report.
ProPublica took matters into its own hands by launching a new tool, HIPAA Helper, using data provided by the Office for Civil Rights (OCR) under the Freedom of Information Act. The search engine allows users to look up reports of privacy violations by provider. Those searching the data can use a variety of keywords to obtain the same information. For example, CVS was listed as “CVS,” “Pharmacy, CVS,” “Caremark, CVS” and “CVS Caremark.”
Similarly, the report says, searchers can identify Kaiser Permanente as “Kaiser Foundation Hospital,” “Kaiser Hospital,” “Kaiser Permanente” and “KP.”
A search for “blue cross blue shield” returned 15 results from all sources. The query results provide the date, type, issue, and outcome, along with the reporting agency.
The search engine allows people to query all agencies for the California Department of Public Records, HHS Office for Civil Rights, and U.S. Department of Veterans Affairs.