From today’s Washington Post:
In the three years since Americans gained federal protection
for their private medical information, the Bush administration has received
thousands of complaints alleging violations but has not imposed a single
civil fine and has prosecuted just two criminal cases.[...]“Our first approach to dealing with any complaint is to work for
voluntary compliance. So far it’s worked out pretty well,” said Winston
Wilkinson, who heads the Department of Health and Human Services Office of
Civil Rights, which is in charge of enforcing the law.While praised by hospitals, insurance plans and doctors, the approach has
drawn strong criticism from privacy advocates and some health industry
analysts. They say the administration’s decision not to enforce the law more
aggressively has failed to safeguard sensitive medical records and made
providers and insurers complacent about complying.
I could almost buy the idea that pressing for voluntary compliance is a
preferred manner of regulatory oversight. However, considering other
positions taken by the administration…I’m not sure that this is “quietly
effective” regulatory oversight as much as not valuing privacy rights.