While there have been 20,000 complaints, no fines have been issued to providers, payers or clearinghouses under the four-year-old Health Insurance Portability and Accountability Act, according to privacy experts.

But this lack of penalties should not be construed as adherence to the law. Covered entities lax in compliance and training are putting their companies at serious risk, according to panelists speaking during a session of The 2007 International Association of Privacy Professionals Privacy Summit last week in Washington, DC.

About 73% of complaints have been handled and closed by the Department of Health and Human Services Office for Civil Rights, and an estimated 250 complaints have been referred to the Department of Justice, according to panelists at the summit.