It's a living legal community making laws accessible and interactive. Click Here to get Started »
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a U.S. law that established requirements on the handling of personal health information.
The Health Insurance Portability and Accountability Act (HIPAA), an amendment of the Employee Retirement Income Security Act of 1974 (ERISA), specifically addresses the privacy of health information. It requires U.S. Department of Health and Human Services (HHS) to adopt national standards (known as HIPAA Rules) specific to electronic healthcare information transactions. HIPAA establishes a minimum standard, whereas states are able to develop more rigourous requirements, as long as they are in compliance with HIPAA.
U.S. Department of Health & Human Services v. CVS Pharmacy, Inc.
In addition to a $2.25 million fine, CVS was ordered to establish and implement policies and procedures for disposing of protected health information, implement a training program for handling and disposing of patient information, conduct internal monitoring and have an outside independent assessor evaluate the compliance for three years.
Federal Trade Commission v. CVS Caremark Coropration
CVS Caremark is required by the FTC to establish, implement, and maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of the personal information it collects from consumers and employees. Additionally, every two years for the next 20 years, an audit by a third-party must be conducted to ensure that the security program meets the requirements as ordered.
Dr. Holland was given a sentence of one year of probation, a $5,000 fine and 50 hours of community service educating professionals on HIPAA.
Ms. Miller was sentenced to one year probation and a $2,500 fine.
Ms. Griffin was sentenced to one year probation and a $1,500 fine.
Ms. Smith was sentenced to two years probation, including 100 hours of community service educating others on the consequences of violating the HIPAA statute.
United States (DOJ) v. Ferrer and Machado
Ms. Machado received a reduced sentence of three years of probation, which included six months of home confinement. A payment of more than $2.5 million in restitution was also ordered.
Mr. Ferrer was sentenced to 87 months in prison, three years of supervised release, and ordered to pay more than $2.5 million in restitution.
United States (DOJ) v. Ramirez
For selling an FBI agent’s medical records for $500, Ms. Ramirez was given a sentence of six months jail time and four months of home confinement, followed by a two-year supervised release. She was also ordered to pay a criminal money penalty of $100.
United States (DOJ) v. Gibson
Mr. Gibson was given a sentence of 16 months in prison and three year supervised release. Additionally, he was ordered to pay $15,000 in restitution.
- ↑ http://hdl.loc.gov/loc.uscongress/legislation.104hr3103
- ↑ http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cvsresolutionagreement.html
- ↑ http://www.ftc.gov/opa/2009/02/cvs.shtm
- ↑ http://www.justice.gov/usao/are/news_releases/PDFs_2009News_Releases/July/3plea_HIPAA_07202009.pdf
- ↑ http://littlerock.fbi.gov/dojpressrel/pressrel09/lr102609.htm
- ↑ http://www.justice.gov/usao/are/news_releases/PDFs_2008News_Releases/April/SmithLPNplea%20HIPAA%20041508.pdf
- ↑ http://littlerock.fbi.gov/dojpressrel/pressrel08/lr120308.htm
- ↑ http://hr.cch.com/news/benefits/092208.asp
- ↑ http://www.law.uh.edu/Healthlaw/perspectives/2007/%28DM%29HIPAACrimCharges.pdf
- Health Insurance Standards: New Federal Law Creates Challenges for Consumers, Insurers, Regulators [GAO Report]
- Understanding Health Information Privacy
- Portability of Health Coverage (HIPAA)
- AMA - Coding Billing Insurance: HIPAA
- EBIA Weekly: HIPAA Court Cases
Related Resources on FindLaw
Related Blogs on FindLaw
Web Services by Yahoo!