• E-mail
• Print
• RSS

DOJ says it will limit HIPAA criminal prosecutions

Physician Practice Advisor, June 15, 2005

A new ruling by the Justice Department will limit the government's ability to prosecute criminal violators of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Although criminal penalties for violating the privacy of medical records by stealing personal health data still applies to doctors, hospitals, insurers, and other providers, the ruling says penalties may not be applicable to their employees or outsiders.

"The reasoning is that federal regulations establish the standards for medical privacy. The regulations apply just to 'covered entities,' including insurers and health care providers. Thus, only covered entities can be prosecuted for criminal violations of the law," according to The New York Times report.

For example, if a hospital sells patients' names for marketing purposes, the facility could be held criminally liable because it is considered a covered entity. However, if a hospital clerk does the same "in defiance of hospital policy" the clerk cannot be prosecuted under HIPAA because the clerk is not a covered entity, according to Robert M. Gellman, an expert on privacy and information policy, in the The New York Times story.

• E-mail to a Colleague
• Print
• RSS
• Archive