One of the more sweeping and powerful laws designed to protect consumers’ information is the Health Insurance Portability and Accountability Act (HIPAA). This law, passed in 1996, is aimed at both modernizing and streamlining the flow of medical information and putting protections in place for patients as to their personal identifying information. The latter is what most people associate with the law; most everyone knows that HIPAA-covered information should be heavily protected.
Protected Health Information (PHI)
Many healthcare-related entities are covered by HIPAA. This includes doctors’ offices, hospitals, health insurance providers, and pharmacies, among others. Any identifiable information must be protected by the entity; this identifiable information, officially referred to as Protected Health Information (PHI), ranges from your name and phone number to your biometric identifiers. Any covered entity must handle PHI with care.
Criminal vs. Civil Violations
Under the law, a HIPAA violation may be classified as civil or criminal. Civil violations typically have to do with neglect or violations that were committed by individuals who did not understand that their actions violated HIPAA. Depending on the individual’s knowledge of HIPAA rules and actions to rectify the violation(s), fines can be as low as $100 per violation or more than $50,000 per violation.
Conversely, criminal HIPAA violations deal with those who violate the HIPAA Privacy Rule with malicious intent. Criminal fines can total $250,000 and individuals convicted of a HIPAA violation can go to prison for as long as 10 years.
Consequences of Having Your Information Compromised
Think about what could happen if your most intimate health information were compromised and published on the Internet for everyone to see. For instance, let’s say you applied for a job and your potential employer was able to find out that you have diabetes. After several rounds of interviews, the hiring comes down to you and another qualified candidate. If things are close at the end, the hiring manager might make the decision to go with the other candidate instead of someone with a chronic health problem.
An Attorney Can Help
Unfortunately, there is no way for a private citizen to sue an entity for a HIPAA violation. If you want to report a possible HIPAA violation, you can do so at the website of the Department of Health and Human Services. However, this does not mean you cannot file for violations of other laws when your personal health information is compromised. Missouri has a law, for example, that addresses disclosures of an individual’s HIV status.
If your information was compromised, we want to help. You deserve competent legal counsel if the compromise had negative effects on your life. Get in touch with Bell Law to see what we can do for you; you can call us at 816-886-8206.