Apparently the Justice Department has decided not to enforce the criminal penalties behind HIPAA, which protects the privacy of medical records. Basically, they ruled that criminal prosecution can be brought against medical practices, hospitals, insurance companies, and the like, but not against the employees of those entities.

That’s kind of interesting, since the employees who did the stealing would have been the targets of any criminal prosecution anyway. I’m not sure what Justice was thinking on this one, although I don’t entirely buy the theory that it’s a backhanded way of getting rid of HIPAA. To the extent that I do buy it, I think it is likely a result of a larger ongoing Justice Department attempt to downsize its influence over corporate practices. If it was a real attempt to overthrow HIPAA, I would expect it to be even more ham-handed. (Although the person I linked to would have a better idea than I, I would think, having worked to put HIPAA together.)

In the meantime, I guess with that little bit of clarification, law enforcement can spend more time looking for real Justice Department concerns, such as people who copy their own CDs and anyone who looks “foreign” and takes a picture. 😐