By Tamer Abouras
There’s something all at once comforting and disconcerting about superhero comics and cartoons. While the black and white, good and evil dynamic depicted within most of them is indicative of childhood and that kind of clarity is something adults often sorely miss, there’s an odd level of security in knowing that while reality may not hold our heroes, it also has virtually no room for the supervillains either.
In the absence of evidence proving otherwise, there aren’t any bad guys hell-bent on world domination that live alone in secret towers far away. Or if there are, they don’t appear to be any sort of serious threat to the average person.
On the other hand, the comfort of those cartoons comes precisely from that lack of confusion. It might be nice to know that most people — even the bad ones — are complex and ambivalent, but there are many instances where those behaviors wander into the realm of being duplicitous and differentiating between friends and enemies can become challenging.
SEE ALSO: Diagnosing Digital Threats
The one thing you can be absolutely certain of, however, is that even in instances where the matter in question doesn’t involve a person or organization being actively harmful, you should probably assume they don’t have your particular best interests at heart when the thing they want most from you is your business.
Case in point: This report from ProPublica, which cites CVS, Kaiser Permanente, Walgreen’s, and Veterans Administration (VA) as the nation’s top HIPAA violators. According to American Journal of Managed Care (AJMC), ProPublica’s investigative series “ … has revealed that top retail pharmacy chains, health plans and the VA routinely violate the Health Insurance Portability and Accountability Act (HIPAA), both through sloppy mistakes and rogue acts of spying.”
AJMC’s Mary K. Caffrey continued, writing “Cases reviewed by ProPublica included honest but distressing errors, such as delivering cancer medication to the wrong address. Worse are the purposeful, intrusive lapses such as sharing patient photos on Snapchat or the male VA worker who allegedly used records to look up information on a patient he wanted to date. ProPublica found that the HHS Office of Civil Rights has enormous discretion under HIPAA — it can settle cases quietly, which seems to be the modus operandi — or it can impose fines of up to $50,000 per violation, up to a maximum of $1.5 million per year. Criminal charges are possible in the most egregious cases, and complaints can be posted online if patient information is withheld.”
If Caffrey’s reporting is any indication, the punishments for repeat offenders err on the side of being awfully light. “The HHS Office of Civil Rights issues only a handful of fines—fewer than 30 since 2009 — on the more than 18,000 HIPAA complaints it receives each year,” she said. And while CVS reportedly did pay a $2.25 million fine in 2009 for “tossing prescription bottles in a dumpster,” there were still nonetheless over 200 complaints about them between 2011 and 2014, according to the ProPublica report.
The threat of having our information stolen by hidden thieves is something we have to accept and be wary of, but the threat of carelessness — or even malicious behavior — on the part of our purportedly friendly neighborhood pharmacies is something that hits just a little bit closer to home.