I started a study of HIPAA several years ago. I have been urging dentists to understand and use digital technology for over twenty years and I believed it was important for me to know about digital data safety and how the HIPAA rules would impact dentists.
I learned a lot about the nature of cyber crime and the essential issues that compromise our security. It is a fascinating and frightening subject.
I also learned a lot about administrative law. That is the way regulations and rules like HIPAA are administered. I found that subject equally frightening but for different reasons. The following article from Reason Magazine describes part of the problem.
In one recent year alone, Congress passed 138 laws—while federal agencies finalized 2,926 rules. Federal judges conduct about 95,000 trials a year, but federal agencies conduct nearly 1 million.
…By failing to rein in regulatory agencies when they overstep their bounds, the Supreme Court and Congress have allowed those agencies not merely to administer law, but to create it—and run roughshod over the public in the process.
Administrative law, is written and enforced by bureaucrats. It is not controlled by the legislative branch, the people we elect to make laws. And it is not subject to the rules of the court. We have well defined and well-protected due process rights in court. For the most part these get tossed aside in administrative hearings and trials.
For example the fifth amendment to the constitution protects US citizens from self incrimination. People can not be compelled to witness against themselves. HIPAA rules turn this on its head. If you suffer a possible data breach in your office, say a burglar stole a computer, you are compelled to inform the government. Failure to turn yourself in is another violation of the rules and subject to punishment. Severe punishment. Fines can easily jump into the high six figures and could literally destroy a dental practice and bankrupt the dentist.