Vote Up
1
Vote Down
Problem

Health care providers or their staff sometimes poorly understand or implement the privacy protections required by HIPAA.

2,009 Views / Posted by Alex Hendler

Share with Reddit Share with Reddit

Tags
It has not. I have been lucky enough to deal with health care providers who have been properly educated about how to apply HIPAA's privacy protections
Supporter: Alex Hendler
Opponents: None
Section

Laws and Regulations, United States Code
42 U.S.C. § 1320d-6: Title 42, Part C, Chapter 7, Sub-Chapter XI, Section 1320d-6

§1320d?6. Wrongful disclosure of individually identifiable health information

A person who knowingly and in violation of this part--

(1) uses or causes to be used a unique health identifier;

(2) obtains individually identifiable health information relating to an individual; or

(3) discloses individually identifiable health information to another person,

shall be punished as provided in subsection (b) of this section. For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d-9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.

A person described in subsection (a) of this section shall--

(1) be fined not more than $50,000, imprisoned not more than 1 year, or both;

(2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and

(3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.

Source

(Aug. 14, 1935, ch. 531, title XI, §1177, as added Pub. L. 104–191, title II, §262(a), Aug. 21, 1996, 110 Stat. 2029; amended Pub. L. 111–5, div. A, title XIII, §13409, Feb. 17, 2009, 123 Stat. 271.)

Amendments

2009—Subsec. (a). Pub. L. 111–5 inserted at end “For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d–9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.”

Effective Date of 2009 Amendment

Amendment by Pub. L. 111–5 effective 12 months after Feb. 17, 2009, see section 13423 of Pub. L. 111–5, set out as an Effective Date note under section 17931 of this title.

Court Cases This issue has not been linked to any court cases yet.
News This issue has not been linked to any news articles yet.
Companies and Organizations This issue has not been linked to any companies or organizations yet.
    Alex Hendler

    Alex Hendler / January 19, 2012 at 2:40 AM EST

    I mistakenly responded to the (rhetorical) question in the form. Please strike "It has not." from above.


    Sign in to post a comment.
    Solutions Add Add a Solution
    Vote Up
    3
    Vote Down
    Solution Simplify HIPAA.
    The law is clearly so confusing that even highly-educated medical professionals can't interpret it properly. If the Sherman Antitrust Act could be a few clauses and still effective, why can't laws be written the same way today?
    Space
    Issues Laws Cases Pro Articles Firms Entities
    Issues Laws Cases Pro Articles Firms Entities
     
    PlainSite
    Sign Up
    Need Password Help?