McDonalds, Subway, KFC have branches in India
1. Does HIPAA have requirements that those in the medical profession must meet?
2. Are there any penalties attached to HIPAA that can / must be applied to those who are not HIPAA-compliant?
3. We have just had a practical application of Points 1 and 2: a. Operating systems that are not supported by their manufacturer are not HIPAA-compliant; b. Windows XP is no longer supported by its manufacturer, therefore it is not HIPAA-compliant; c. Therefore, any office that uses Windows XP is not HIPAA-compliant.
4. What is the HIPAA penalty for offices that still use Windows XP?
If the cost of switching to a new operating system is greater than the HIPAA penalty for continuing to use Windows XP, the smartest economic choice will be to continue using WinXP.
5. Offshore processors of patient information have no legal reason to be HIPAA-compliant - as they are outside the reach of U.S. law. Some may choose to be compliant, in order to attract business. But others will find that they can do business more cheaply by staying not compliant.
6. At this link, click on the "Enforcement and Penalties for non-compliance" link toward the bottom of the page. See these words there: Penalties will vary significantly depending on factors such as ... whether the covered entity’s failure to comply was due to willful neglect. http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/
I think that purposefully sending patient information to an organization that you know is not HIPAA-Compliant would count as non-compliance due to willful neglect. So - one should be able to file a class-action lawsuit against all medical organizations that send patient data offshore.
But wait - in order to have standing so that the court will accept your case and not throw it out, you must be able to state damages. That is, you must state how patients as a class, and each individually, have been damaged by having their personal medical information forwarded to an entity that is not HIPAA-compliant.
Is the cost of finding and proving those damages to the court greater than the penalty that will be imposed for failing to comply with HIPAA due to willful neglect? If yes, it does not make economic sense to file such a lawsuit, and such a lawsuit will not be filed.
We are a pretend world. We pretend to be somebody we are not. And we pretend to have laws that will protect the individual, when they will actually protect someone only when the economics of the situation are favorable.
7. To others, with regard to breaking down into tribes, and protecting our own resources, etc. Research has demonstrated time and again that the most effective span of control is around 13-15 people (a single leader cannot effectively handle much more than that). Even rats, when hundreds are placed into a single enclosure, will break down into groups of about that size.
Bottom line of this research is that any group which does not protect its own resources will soon have those resources taken away by any group that dares to attack them. In a "society" composed of thousands of 15-person small-groups - who will not protect their own resources - all it takes is one group, out of those thousands, willing to take away the resources from other groups, to end up with thousands of 15-person small-groups with no resources, and one 15-person small-group with all of the resources. That is the way it has always gone. If you are not willing to defend what is yours, someone WILL take it away from you. Because of this, the world will always be populated by tribes, willing to defend what is theirs.
Linda - my bad. I should have stated that my first couple of questions were rhetorical. They were simply meant to help focus attention so my points would be more obvious.
I was supporting your point made earlier in this thread. And pointing out why your point won't ever win when the cost of complying is greater than the cost of non-compliance.