HIPAA Changes in the HITECH Act of 2009: Clarification of Application of Wrongful Disclosures Criminal Penalties

House bill Sec. 4409
Senate bill Sec. 13409
Conference agreement Sec. 13409

This text is from the Conference Committee Report

Current Law

The HIPAA criminal penalties include fines of up to
$250,000 and up to 10 years in prison for disclosing or
obtaining health information with the intent to sell,
transfer or use it for commercial advantage, personal gain,
or malicious harm. In July 2005, the Justice Department
Office of Legal Counsel (OLC) addressed which persons may be
prosecuted under HIPAA and concluded that only a covered
entity could be criminally liable.

House Bill

The House bill clarifies that criminal penalties for
wrongful disclosure of PHI apply to individuals who without
authorization obtain or disclose such information maintained
by a covered entity, whether they are employees or not.

Senate Bill

Same provision.

Conference Agreement

Same provision.

 

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.