InformationWeek has an article on Privacy Breaches reported by health care agencies. This isn't surprising at all. HIPPA is so vague, has so many "outs", and affects so many different industries that it's almost impossible to work with. When I was consulting HIPPA was a project of mine. The company I was with was a late comer in the game when we decided to actively pursue clients that needed help with HIPPA compliance. I spoke with people in health care (hospitals, nursing homes, doctors offices), insurance, law firms, and others that were affected and without fail all of them had either an apathetic attitude toward getting compliant, were depending on a software vendor to be compliant, or had no idea that HIPPA could affect them. I know that those I dealt with was a very small sampling but when you bat 100% it really doesn't matter how big your sample is. It still speaks volumes as to the attitudes that companies have towards HIPPA. Many will do the bear minimum to get Uncle Sam off their back.