HIPAA breach fines: It’s time to rethink this mess

The Department of Health and Human Services Office for Civil Rights (OCR) often fines hospitals for data breaches, but experts argue that this approach is not sustainable. Tom Walsh, founder and managing partner of tw-Security, suggests putting the fine money into an escrow account and releasing it back to hospitals when they meet certain criteria. Another suggestion is to create a voluntary certification program for healthcare providers and vendors to validate HIPAA compliance. However, experts acknowledge that these solutions would need to generate enough revenue to sustain themselves without crippling hospitals’ budgets.