It is a positive sign that Congress is finally sitting up and taking notice of the serious problem of data security and medical identity theft. However this is the second time in as many months that the focus has been on treating the symptom rather than the cause. In October Congress passed a cyber security bill that would give companies legal immunity for sharing data with the federal government. Aside from the privacy concerns this has generated, it again deals with reacting after the event, rather than trying to stop the breach in the first place.
There remains a general apathy in the industry about a lack of oversight. OCR recently announced that it is reducing the number of companies included in its continually delayed Phase 2 audits. This reinforces the likelihood that many companies will just continue to take a chance rather then spend the money required to be compliant.
Until our lawmakers realize that something more has to be done to prevent breaches, expect to see an increase in the steady stream of medical identity theft announced. 2016 is likely to be much worse than 2015.