Is HIPAA Really Good Enough for Data Protection?

Most of us know that HIPAA has a section specifically for privacy and security. But is it really enough to keep our PHI out of nefarious hands? What if the device containing PHI is encrypted, but the medical worker was forced to give up his/her password during the commission of a crime? HIPAA worked, but PHI was still stolen. What kinds of safeguards can be legislated?

It will be interesting to see what the industry comes up with regarding this and then what CMS legislates accordingly.

