E-Mail Bulletin
September 2004
Penalty for breaking HIPAA law
Special E-Mail Bulletin
Hi, everyone. Here's a short bulletin regarding the first conviction for violation of HIPAA regulations. It's from the September 20 issue of AM News.
Gil
Penalty for breaking HIPAA law
Willful and deliberate violations of the federal medical records privacy rule carry stiff criminal penalties.
Last month's conviction of Richard W. Gibson of SeaTac, Wash. -- the first in the country involving a breach of the privacy portion of the HIPAA act -- is a reminder of that fact. The regulation, part of the Health Insurance Portability and Accountability Act, went into effect in April of last year. Gibson admitted that, while he worked at Seattle Cancer Care Alliance, he used a patient's personal information to get four credit cards on which he charged more than $9,000.
Criminal penalties for breaking the privacy law:
- $50,000 penalty, imprisonment of not more than 1 year or both, for wrongful disclosure.
- $100,000 penalty, imprisonment of not more than 5 years or both, for an offense under false pretense.
- $250,000 penalty, imprisonment of not more than 10 years or both, for selling or intent to sell individually identifiable health information.
