> This shouldn't be in the hands of a regulatory agency. Serious privacy violations should be legislated and treated as outright crimes, not just regulation infringements.
IHIPAA is largely in the hands of HHS as a regulatory body, and yet violation of its privacy mandates (including those HHS is empowered to detail by regulation) are “outright crimes” as well as also potential civil offenses, not some distinct and lesser category of “regulatory violations”.
Your argument seems deeply grounded in an incorrect assumption about what it means to involve a regulatory agency.
IHIPAA is largely in the hands of HHS as a regulatory body, and yet violation of its privacy mandates (including those HHS is empowered to detail by regulation) are “outright crimes” as well as also potential civil offenses, not some distinct and lesser category of “regulatory violations”.
Your argument seems deeply grounded in an incorrect assumption about what it means to involve a regulatory agency.