Privacy protection is important in all businesses, both for-profit and not-for-profit. In recent developments, substantial civil money penalties have been assessed against privacy violators in the health care industry. One of the fines was for $4.3 million against one medical facility, and another was a $1 million fine against a different hospital.

Perhaps you have heard anecdotal stories about the neighborhood intersection where neighbors start to notice that increased traffic through the intersection presents increased risks to children and others in the area. The neighbors complain to the local governing authority, but nothing happens until a few significant personal injuries occur in the intersection, and only then are traffic signals installed or does law enforcement begin monitoring the intersection more closely. Whether or not those anecdotal stories are true, in some organizations, large and small, the approach to privacy is often like that hypothetical intersection: an accident waiting to happen.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act and amended the penalty amounts established under HIPAA, combine to form a strong statutory foundation for organizations handling health care information to pause and give serious consideration (and resources) to preventing privacy violations.