Criminal prosecution for violating HIPAA: an emerging threat to health care professionals

The penalties for criminal violations of HIPAA are substantial — generally a fine of up to $50,000 and up to one year in prison. A violation of HIPAA committed under false pretenses, such as disclosing a patient’s information for a reason the provider knows to be untrue (such as disclosing a patient’s protected health information on the premise that the patient is an imminent threat to the public when the provider knows this to be false), can carry a fine of up to $100,000 and imprisonment for up to five years.

A gentle reminder for those of us in the financial services industry, especially life underwriters who deal with protected health data on a daily basis.


Have you reviewed your HIPAA policies, training, and compliance lately?

GableGotwals Insurance Law Update


In February 2009, as part of the economic stimulus legislation known as the American Recovery and Reinvestment Act, Congress enacted the Health Information Technology for Economic and Clinical Health Act (HITECH). HITECH not only provided federal incentives for medical care providers to accelerate implementation of electronic health records systems, but also broadened the categories of those responsible for protecting the patient health information contained in those records and significantly increased the penalties for HIPAA violations.

The original HIPAA Privacy Rule finalized in 2002 applied only to “covered entities” such as health care providers, health plans, health care clearinghouses and later, sponsors of drug discount cards under Medicare. The Department of Health and Human Services Office for Civil Rights (OCR) is responsible for civil enforcement of HIPAA privacy regulations. Under the original Privacy Rule, OCR lacked direct enforcement authority against the “business associates” of covered…
