Health Insurance Portability and Accountability Act

Enacted by the 104th Congress
Citations
Public law: Pub.L. 104–191
Statutes at Large: 110 Stat. 1936
Codification
Legislative history
  • Introduced in the House as H.R. 3103 by Bill Archer (R-TX) on March 18, 1996
  • Committee consideration by: House Ways and Means
  • Passed the House on March 28, 1996 (267–151)
  • Passed the Senate on April 23, 1996 (100–0, in lieu of S. 1028)
  • Reported by the joint conference committee on July 31, 1996; agreed to by the House on August 1, 1996 (421–2) and by the Senate on August 2, 1996 (98–0)
  • Signed into law by President Bill Clinton on August 21, 1996
Major amendments
Related Supreme Court cases

The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy–Kassebaum Act[1][2]) was enacted by the 104th United States Congress and signed by President Bill Clinton in 1996. It was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.[3]

The act consists of five titles. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.[4] Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.[5] Title III sets guidelines for pre-tax medical spending accounts, Title IV sets guidelines for group health plans, and Title V governs company-owned life insurance policies.


Violations

Figure: HIPAA violations by type. A breakdown of the HIPAA violations that resulted in the illegal exposure of personal information.

According to the US Department of Health and Human Services Office for Civil Rights, between April 2003 and January 2013, it received 91,000 complaints of HIPAA violations, of which 22,000 led to enforcement actions of varying kinds (from settlements to fines) and 521 led to referrals to the US Department of Justice as criminal actions.[6] Examples of significant breaches of protected information and other HIPAA violations include:

  • The largest loss of data that affected 4.9 million people by Tricare Management of Virginia in 2011[7]
  • The largest fines of $5.5 million levied against Memorial Healthcare Systems in 2017 for accessing confidential information of 115,143 patients[8] and of $4.3 million levied against Cignet Health of Maryland in 2010 for ignoring patients' requests to obtain copies of their own records and repeated ignoring of federal officials' inquiries[9]
  • The first criminal indictment was lodged in 2011 against a Virginia physician who shared information with a patient's employer "under the false pretenses that the patient was a serious and imminent threat to the safety of the public, when in fact he knew that the patient was not such a threat."[10]

According to Koczkodaj et al., 2018,[11] the total number of individuals affected since October 2009 is 173,398,820.

The differences between civil and criminal penalties are summarized in the following table:

| Type of Violation | CIVIL Penalty (min) | CIVIL Penalty (max) |
|---|---|---|
| Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1,000,000 | $50,000 per violation, with an annual maximum of $1.5 million |

| Type of Violation | CRIMINAL Penalty |
|---|---|
| Covered entities and specified individuals who "knowingly" obtain or disclose individually identifiable health information | A fine of up to $50,000; imprisonment up to 1 year |
| Offenses committed under false pretenses | A fine of up to $100,000; imprisonment up to 5 years |
| Offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm | A fine of up to $250,000; imprisonment up to 10 years |


Legislative information

References

  1. ^ Atchinson, Brian K.; Fox, Daniel M. (May–June 1997). "The Politics Of The Health Insurance Portability And Accountability Act" (PDF). Health Affairs. 16 (3): 146–150. doi:10.1377/hlthaff.16.3.146. PMID 9141331. Archived from the original (PDF) on 2014-01-16. Retrieved 2014-01-16.
  2. ^ "104th Congress, 1st Session, S.1028" (PDF). Archived (PDF) from the original on 2012-06-16.
  3. ^ "HIPAA for Dummies".
  4. ^ "Health Plans & Benefits: Portability of Health Coverage". United States Department of Labor. 2015-12-09. Archived from the original on 2016-12-20. Retrieved 2016-11-05.
  5. ^ "Overview". www.cms.gov (in American English). 2016-09-13. Archived from the original on 2016-11-02. Retrieved 2016-11-05.
  6. ^ "Enforcement Highlights". OCR Home, Health Information Privacy, Enforcement Activities & Results, Enforcement Highlights. U.S. Department of Health & Human Services. Archived from the original on 5 March 2014. Retrieved 3 March 2014.
  7. ^ "Breaches Affecting 500 or more Individuals". OCR Home, Health Information Privacy, HIPAA Administrative Simplification Statute and Rules, Breach Notification Rule. U.S. Department of Health & Human Services. Archived from the original on 15 March 2015. Retrieved 3 March 2014.
  8. ^ "Record HIPAA Settlement Announced: $5.5 Million Paid by Memorial Healthcare Systems". HIPAA Journal. February 17, 2017.
  9. ^ "Civil Money Penalty". HHS Official Site. U.S. Department of Health & Human Services. October 2010. Archived from the original on 8 October 2017. Retrieved 8 October 2017.
  10. ^ "HIPAA Privacy Complaint Results in Federal Criminal Prosecution for First Time". HIPAA Journal. July 2011. Archived from the original on 17 February 2018. Retrieved 10 October 2017.
  11. ^ Koczkodaj, Waldemar W.; Mazurek, Mirosław; Strzałka, Dominik; Wolny-Dominiak, Alicja; Woodbury-Smith, Marc (2018). "Electronic Health Record Breaches as Social Indicators". Social Indicators Research. https://link.springer.com/article/10.1007/s11205-018-1837-z?wt_mc=Internal.Event.1.SEM.ArticleAuthorOnlineFirst
