What is LawBrain?
It's a living legal community making laws accessible and interactive. Click Here to get Started »

Health Insurance Portability and Accountability Act (HIPAA)

From lawbrain.com

HIPAA is a U.S. law that established requirements on the handling of personal health information.

  • This LawBrain entry is a stub. Please help us expand it! Click the 'Edit' tab above to add to this page.



The Health Insurance Portability and Accountability Act (HIPAA),[1] an amendment of the Employee Retirement Income Security Act of 1974 (ERISA), specifically addresses the privacy of health information. It requires U.S. Department of Health and Human Services (HHS) to adopt national standards (known as HIPAA Rules) specific to electronic healthcare information transactions. HIPAA establishes a minimum standard, whereas states are able to develop more rigourous requirements, as long as they are in compliance with HIPAA.


U.S. Department of Health & Human Services v. CVS Pharmacy, Inc.[2]

In addition to a $2.25 million fine, CVS was ordered to establish and implement policies and procedures for disposing of protected health information, implement a training program for handling and disposing of patient information, conduct internal monitoring and have an outside independent assessor evaluate the compliance for three years.

Federal Trade Commission v. CVS Caremark Coropration[3]

CVS Caremark is required by the FTC to establish, implement, and maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of the personal information it collects from consumers and employees. Additionally, every two years for the next 20 years, an audit by a third-party must be conducted to ensure that the security program meets the requirements as ordered.

United States (DOJ) v. Holland[4][5]

Dr. Holland was given a sentence of one year of probation, a $5,000 fine and 50 hours of community service educating professionals on HIPAA.

Ms. Miller was sentenced to one year probation and a $2,500 fine.

Ms. Griffin was sentenced to one year probation and a $1,500 fine.

United States (DOJ) v. Smith[6][7]

Ms. Smith was sentenced to two years probation, including 100 hours of community service educating others on the consequences of violating the HIPAA statute.

United States (DOJ) v. Ferrer and Machado[8]

Ms. Machado received a reduced sentence of three years of probation, which included six months of home confinement.  A payment of more than $2.5 million in restitution was also ordered.

Mr. Ferrer was sentenced to 87 months in prison, three years of supervised release, and ordered to pay more than $2.5 million in restitution.

United States (DOJ) v. Ramirez

For selling an FBI agent’s medical records for $500, Ms. Ramirez was given a sentence of six months jail time and four months of home confinement, followed by a two-year supervised release. She was also ordered to pay a criminal money penalty of $100.

United States (DOJ) v. Gibson[9]

Mr. Gibson was given a sentence of 16 months in prison and three year supervised release. Additionally, he was ordered to pay $15,000 in restitution.


  1. http://hdl.loc.gov/loc.uscongress/legislation.104hr3103
  2. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cvsresolutionagreement.html
  3. http://www.ftc.gov/opa/2009/02/cvs.shtm
  4. http://www.justice.gov/usao/are/news_releases/PDFs_2009News_Releases/July/3plea_HIPAA_07202009.pdf
  5. http://littlerock.fbi.gov/dojpressrel/pressrel09/lr102609.htm
  6. http://www.justice.gov/usao/are/news_releases/PDFs_2008News_Releases/April/SmithLPNplea%20HIPAA%20041508.pdf
  7. http://littlerock.fbi.gov/dojpressrel/pressrel08/lr120308.htm
  8. http://hr.cch.com/news/benefits/092208.asp
  9. http://www.law.uh.edu/Healthlaw/perspectives/2007/%28DM%29HIPAACrimCharges.pdf

External Links

Related Resources on FindLaw

Related Blogs on FindLaw

Failed to load RSS feed from http://search.yahooapis.com/WebSearchService/rss/webSearch.xml?appid=yahoosearchwebrss&query=health%20insurance%20portability%20accountability%20act%20HIPAA:blogs.findlaw.com!

                                                                            Web Services by Yahoo!

See Also


FindLaw Michelle, FindLaw Nira