Even though over 19,420 HIPAA complaints/violations have been officially lodged since HIPAA went into effect, it has resulted in zero fines. http://www.msnbc.msn.com/id/13137354/ This is amazing, but unfortunately, not surprising. Other than two criminal prosecutions on specific individuals, there appears to be no penalties for organizations violating the HIPAA Act. Like the non-successfully prosecutions of SOX Even though over 19,420 HIPAA complaints/violations have been officially lodged since HIPAA went into effect, it has resulted in zero fines.https://www.msnbc.msn.com/id/13137354/This is amazing, but unfortunately, not surprising. Other than two criminal prosecutions on specific individuals, there appears to be no penalties for organizations violating the HIPAA Act. Like the non-successfully prosecutions of SOX violators, it tells corporate America that it’s cheaper to not meet the guidelines.If you add in the fact that only three companies were fined in 2004 for hiring illegal immigrants https://www.cnn.com/2006/US/05/10/dobbs.enforcement/index.html (even though they make up 12 million of our work force), it makes you wonder why we even bother going through with making our various “security” laws? It’s as if Congress passes our financial, security, and privacy laws to make consumers happy, but then behind the scenes promise business that they really won’t prosecute violators…so everyone “wins”!What is frustrating is that with non-enforcement of existing laws it is hard to place the blame on the correct agency. We can’t blame Congress since they actually passed the law (unless they under funded the compliance checking). We probably can’t blame the enforcers because they are just doing what they are told from their superiors above. So, who gets the blame? All of them?? Us, for putting up with it? If I was the CIO at one our nation’s hospitals, I might actually decrease my HIPAA compliance budget this year. If it’s a law without any teeth, why waste the funds when there are so many other competing objectives? Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe