Wrongful disclosures could bring your organization big penalties under HIPAA
HIM Connection, February 28, 2003
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Dear Colleagues:
The Health Insurance Accountability and Portability Act of 1996 specifically calls for civil and criminal penalties when a person knowingly and wrongfully discloses individually identifiable health information in violation of the law. Penalties identified in the law are escalating in accordance with the intent of the disclosure:
- If a person knowingly uses a unique health identifier, obtains individually identifiable health information relating to an individual, or discloses individually identifiable health information to another person, the person may be fined up to $50,000, imprisoned not more than one year, or both.
- If the offense is committed under false pretenses, the person may be fined up to $100,000, imprisoned not more than five years, or both.
- If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, the person may be fined up to $250,000, imprisoned not more than 10 years, or both.
HHS staff members in public forums have identified that the chief executive officer of an organization, who oversees and is ultimately responsible for all actions within the organization, could potentially be the one to serve prison time.
This assumes that an organization did not obey HIPAA's regulations for security and/or privacy and therefore permitted a member of its workforce to carry out such an offense.
One can guess that there will be complaints filed with the Secretary of HHS leading to investigations and, potentially, lawsuits by individuals who believe they have been harmed.
This week's HIM Connection was adapted from HIPAA Made Simple: A Guide to Fast-tracking Compliance, Second Edition. The goal of this book is to provide you with a practical guide to implementing the administrative simplifications regulations under HIPAA. It's geared toward helping to ease your workload in these demanding days of preparing for HIPAA compliance on top of all of your other responsibilities. For more information or to order your copy, click here.
Sincerely,
Kim Raines
Managing Editor
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- HIPAA Q&A: Level of encryption needed for email
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Hospitals are not bound by InterQual criteria for determining patient status
- ED-to-inpatient transfers are flawed with safety gaps
- Searched