Mailing list
Joyce Perrone
Description
Collection
Title:
Mailing list
Creator:
Joyce Perrone
Date:
10/26/2007
Text:
Criminal Penalties
In June 2005, the U.S. Department of Justice (DOJ) clarified who can be
held criminally liable under HIPAA. Covered entities and specified
individuals, as explained below, whom knowingly obtain or disclose
individually identifiable health information in violation of the
Administrative Simplification Regulations face a fine of up to $50,000,
as well as imprisonment up to one year. Offenses committed under false
pretenses allow penalties to be increased to a $100,000 fine, with up to
five years in prison. Finally, offenses committed with the intent to
sell, transfer, or use individually identifiable health information for
commercial advantage, personal gain or malicious harm permit fines of
$250,000, and imprisonment for up to ten years.
Covered Entity and Specified Individuals
The DOJ concluded that the criminal penalties for a violation of HIPAA
are directly applicable to covered entities-including health plans,
health care clearinghouses, health care providers who transmit claims in
electronic form, and Medicare prescription drug card sponsors.
Individuals such as directors, employees, or officers of the covered
entity, where the covered entity is not an individual, may also be
directly criminally liable under HIPAA in accordance with principles of
corporate criminal liability. Where an individual of a covered entity
is not directly liable under HIPAA, they can still be charged with
conspiracy or aiding and abetting.
Knowingly
The DOJ interpreted the knowingly element of the HIPAA statute for
criminal liability as requiring only knowledge of the actions that
constitute an offense. Specific knowledge of an action being in
violation of the HIPAA statute is not required.
As for Our Code of Ethics-- it is like the Hypocratic Oath that
doctors take. While a 'professional' code or oath, it is not subjected
to legal involvement. It may come into play if your state has
licensure, I would suppose.
I would recommend the patient make a copy of the solicitation and
contact the DOJ. I would start by contacting the office of the attorney
general in your area.
Joyce J Perrone
De La Torre O&P, Inc & PROMISE Consulting, Inc
300 Alpha Drive Pgh PA 15238
412-599-1112 Cell: 412-849-7750
Original post: Date: Thu, 25 Oct 2007 11:36:18 EDT
From: Elizabeth Park < <Email Address Redacted> >
Subject: Mailing List
Can anyone tell me how certain O & P companies get the names of
patients to invite them to their facility for an assessment of their
current orthotic or prosthetic device (provided by another practice?)
Isn't this clearly a HIPPA violation? What about our Code of Ethics? I
figured it was from the ACA, but we have a patient who received an
unsolicited letter from this publicly-held company and he is not a
member of ACA.
Thanks!
Roger Park, CO
In June 2005, the U.S. Department of Justice (DOJ) clarified who can be
held criminally liable under HIPAA. Covered entities and specified
individuals, as explained below, whom knowingly obtain or disclose
individually identifiable health information in violation of the
Administrative Simplification Regulations face a fine of up to $50,000,
as well as imprisonment up to one year. Offenses committed under false
pretenses allow penalties to be increased to a $100,000 fine, with up to
five years in prison. Finally, offenses committed with the intent to
sell, transfer, or use individually identifiable health information for
commercial advantage, personal gain or malicious harm permit fines of
$250,000, and imprisonment for up to ten years.
Covered Entity and Specified Individuals
The DOJ concluded that the criminal penalties for a violation of HIPAA
are directly applicable to covered entities-including health plans,
health care clearinghouses, health care providers who transmit claims in
electronic form, and Medicare prescription drug card sponsors.
Individuals such as directors, employees, or officers of the covered
entity, where the covered entity is not an individual, may also be
directly criminally liable under HIPAA in accordance with principles of
corporate criminal liability. Where an individual of a covered entity
is not directly liable under HIPAA, they can still be charged with
conspiracy or aiding and abetting.
Knowingly
The DOJ interpreted the knowingly element of the HIPAA statute for
criminal liability as requiring only knowledge of the actions that
constitute an offense. Specific knowledge of an action being in
violation of the HIPAA statute is not required.
As for Our Code of Ethics-- it is like the Hypocratic Oath that
doctors take. While a 'professional' code or oath, it is not subjected
to legal involvement. It may come into play if your state has
licensure, I would suppose.
I would recommend the patient make a copy of the solicitation and
contact the DOJ. I would start by contacting the office of the attorney
general in your area.
Joyce J Perrone
De La Torre O&P, Inc & PROMISE Consulting, Inc
300 Alpha Drive Pgh PA 15238
412-599-1112 Cell: 412-849-7750
Original post: Date: Thu, 25 Oct 2007 11:36:18 EDT
From: Elizabeth Park < <Email Address Redacted> >
Subject: Mailing List
Can anyone tell me how certain O & P companies get the names of
patients to invite them to their facility for an assessment of their
current orthotic or prosthetic device (provided by another practice?)
Isn't this clearly a HIPPA violation? What about our Code of Ethics? I
figured it was from the ACA, but we have a patient who received an
unsolicited letter from this publicly-held company and he is not a
member of ACA.
Thanks!
Roger Park, CO
Citation
Joyce Perrone, “Mailing list,” Digital Resource Foundation for Orthotics and Prosthetics, accessed November 1, 2024, https://library.drfop.org/items/show/228672.
