Toothless Indeed

3:45 PM -- Happy birthday, dear HIPAA. Yes, hard as it is to believe, the Health Insurance Portability and Accountability Act is ten years old this year. Just don't expect any presents or a nice cake.

HIPAA has probably done a great deal to close off maddening loopholes like that pre-existing condition exclusion that made many wonder why they even bothered with coverage. And I daresay HIPAA, like its accounting counterpart the Sarbanes-Oxley Act (SOX), has been very, very beneficial to storage vendors of all stripes. Who says government interference is bad for business?

Still, the Info-Tech Research Group's latest report drew a vigorous, virtual nod from me this morning. (See Research Finds HIPAA Ineffective.) Enforcement of the decade-old law has resulted in exactly one conviction and some uncertainty about how the FBI spent $379 million earmarked for enforcement.

We've certainly burnt up plenty of pixels here at Byte and Switch tracking federal and state legislation that safeguards privacy, requires data archiving, and necessitates more corporate transparency in the form of regular filings. So when Info-Tech calls HIPAA "toothless," we quite agree.

But to hammer on the politicians for grandstanding on the need for compliance regulations is too easy. Some high-profile enforcement is needed at the state and federal levels to demonstrate how sharp the teeth of the watchdog really can be. Just ask Martha Stewart -- and anyone involved in her dubious stock dealings a couple of years back. Heck, ask Bernie Ebbers.Despite their potential, though, HIPAA and SOX are disappointments. "Where Is California's Elliot Spitzer?" asked a Los Angeles Times headline a few weeks ago. Until someone like that arrives on the storage scene, expect the regulations to be empty verbiage. Ten years later, it's still pretty much business as usual on the enforcement front.

Terry Sweeney, Editor in Chief, Byte and Switch