Security Basics mailing list archives

corrected HIPAA facts.
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Wed, 07 Apr 2004 14:25:57 -0700

Thanks for the correction, Paul. This email is for the benefit of the

HIPAA went into effect from April 14, 2003. (almost a year back).
(though there seems to be a prior HIPAA from 1996 and a subsequent
December 2000 Privacy Rule).

Breach-of-privacy penalties under the latest HIPAA are:
* Disclosure with intent to sell - up to $250,000 and up to 10 years in
* Intentional disclosure - up to $50,000 and up to a year in prison.
* Unintentional disclosure & other minor infractions - civil penalty
only - $100 per person (up to $25,000 per person per year)

Also, the rules in no way limit a person's individual right to sue and
be compensated for damages related to improper use of medical records.

(something else I learnt! the difference between prison and jail -

HIPAA was referenced in a discussion about knowingly running insecure
health-systems and how a subsequent breach of such systems might be
viewed in a court of law.

Here's an excellent HIPAA executive summary guide hosted by our very own

(also, today morning I saw a few reposts of yesterday's emails - don't
know what that is, some mailer problems somewhere, but nothing on my end
for sure).


Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.

On Wed, 2004-04-07 at 10:29, Chinnery, Paul wrote:
That 8 million dollar fine is bogus.  There is no such figure in any HIPAA documents I've seen.  

Paul Chinnery
Network Administrator
Mem Med Ctr
