Home page logo
/

basics logo Security Basics mailing list archives

corrected HIPAA facts.
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Wed, 07 Apr 2004 14:25:57 -0700


Thanks for the correction, Paul. This email is for the benefit of the
list.

HIPAA went into effect from April 14, 2003. (almost a year back).
(though there seems to be a prior HIPAA from 1996 and a subsequent
December 2000 Privacy Rule).

Breach-of-privacy penalties under the latest HIPAA are:
* Disclosure with intent to sell - upto $250,000 and upto 10 years in
prison.
* Intentional disclosure - upto $50,000 and upto a year in prison.
* Unintentional disclosure & other minor infractions - civil penalty
only - $100 per person (upto $25,000 per person per year)

Also, the rules in no way limit a person's individual right to sue and
be compensated for damages related to improper use of medical records.

(something else I learnt! the difference between prison and jail -
http://www.lawforkids.org/QA/Other/Other53.cfm)

HIPAA was referenced in a discussion about knowingly running insecure
health-systems and how a subsequent breach of such systems might be
viewed in a court of law.

Here's an excellant HIPAA executive summary guide hosted by our very own
securityfocus
http://www.securityfocus.com/infocus/1764

(also, today morning I saw a few reposts of yesterday's emails - dont
know what that is, some mailer problems somehere, but nothing on my end
for sure).

thanks,
-- 

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.

On Wed, 2004-04-07 at 10:29, Chinnery, Paul wrote:
That 8 million dollar fine is bogus.  There is no such figure in any HIPAA documents I've seen.  

Paul Chinnery
Network Administrator
Mem Med Ctr



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault