Health Insurance Portability and Accountability Act
Enacted by | the 104th Congress |
---|---|
Citations | |
Public law | Pub.L. 104–191 (text) (pdf) |
Stat. | 110 Stat. 1936 |
Codification | |
Major amendments | |
Related Supreme Court cases | |
The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy–Kassebaum Act[1][2]) was enacted by the 104th United States Congress and signed by President Bill Clinton in 1996. It was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.[3]
The act consists of five titles. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.[4] Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.[5] Title III sets guidelines for pre-tax medical spending accounts, Title IV sets guidelines for group health plans, and Title V governs company-owned life insurance policies.
Violations
According to the US Department of Health and Human Services Office for Civil Rights, between April 2003 and January 2013 it received 91,000 complaints of HIPAA violations, of which 22,000 led to enforcement actions of varying kinds (from settlements to fines) and 521 led to referrals to the US Department of Justice as criminal actions.[6] Examples of significant breaches of protected information and other HIPAA violations include:
- The largest loss of data that affected 4.9 million people by Tricare Management of Virginia in 2011[7]
- The largest fines of $5.5 million levied against Memorial Healthcare Systems in 2017 for accessing confidential information of 115,143 patients[8] and of $4.3 million levied against Cignet Health of Maryland in 2010 for ignoring patients' requests to obtain copies of their own records and repeated ignoring of federal officials' inquiries[9]
- The first criminal indictment was lodged in 2011 against a Virginia physician who shared information with a patient's employer "under the false pretenses that the patient was a serious and imminent threat to the safety of the public, when in fact he knew that the patient was not such a threat."[10]
According to Koczkodaj et al., 2018,[11] the total number of individuals affected since October 2009 is 173,398,820.
The differences between civil and criminal penalties are summarized in the following table:
Type of Violation | CIVIL Penalty (min) | CIVIL Penalty (max) |
---|---|---|
Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1,000,000 | $50,000 per violation, with an annual maximum of $1.5 million |

Type of Violation | CRIMINAL Penalty |
---|---|
Covered entities and specified individuals who "knowingly" obtain or disclose individually identifiable health information | A fine of up to $50,000; imprisonment up to 1 year |
Offenses committed under false pretenses | A fine of up to $100,000; imprisonment up to 5 years |
Offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm | A fine of up to $250,000; imprisonment up to 10 years |
Legislative information
- Pub.L. 104–191 (text) (pdf), 110 Stat. 1936
- H.R. 3103; H. Rept. 104-469, part 1; H. Rept. 104-736
- S. 1028; S. 1698; S. Rept. 104-156
- HHS Security Standards, Template:USCFR, 162, and 164
- HHS Standards for Privacy of Individually Identifiable Health Information, Template:USCFR and 164
References
- Atchinson, Brian K.; Fox, Daniel M. (May–June 1997). "The Politics Of The Health Insurance Portability And Accountability Act" (PDF). Health Affairs. 16 (3): 146–150. doi:10.1377/hlthaff.16.3.146. PMID 9141331. Archived from the original (PDF) on 2014-01-16. Retrieved 2014-01-16.
- "104th Congress, 1st Session, S.1028" (PDF). Archived (PDF) from the original on 2012-06-16.
- "HIPAA for Dummies".
- "Health Plans & Benefits: Portability of Health Coverage". United States Department of Labor. 2015-12-09. Archived from the original on 2016-12-20. Retrieved 2016-11-05.
- "Overview". www.cms.gov (in American English). 2016-09-13. Archived from the original on 2016-11-02. Retrieved 2016-11-05.
- "Enforcement Highlights". OCR Home, Health Information Privacy, Enforcement Activities & Results, Enforcement Highlights. U.S. Department of Health & Human Services. Archived from the original on 5 March 2014. Retrieved 3 March 2014.
- "Breaches Affecting 500 or more Individuals". OCR Home, Health Information Privacy, HIPAA Administrative Simplification Statute and Rules, Breach Notification Rule. U.S. Department of Health & Human Services. Archived from the original on 15 March 2015. Retrieved 3 March 2014.
- "Record HIPAA Settlement Announced: $5.5 Million Paid by Memorial Healthcare Systems". HIPAA Journal. February 17, 2017.
- "Civil Money Penalty". HHS Official Site. U.S. Department of Health & Human Services. October 2010. Archived from the original on 8 October 2017. Retrieved 8 October 2017.
- "HIPAA Privacy Complaint Results in Federal Criminal Prosecution for First Time". HIPAA Journal. July 2011. Archived from the original on 17 February 2018. Retrieved 10 October 2017.
- Koczkodaj, Waldemar W.; Mazurek, Mirosław; Strzałka, Dominik; Wolny-Dominiak, Alicja; Woodbury-Smith, Marc (2018). "Electronic Health Record Breaches as Social Indicators". Social Indicators Research. https://link.springer.com/article/10.1007/s11205-018-1837-z?wt_mc=Internal.Event.1.SEM.ArticleAuthorOnlineFirst
External links
- California Office of HIPAA Implementation (CalOHI)
- "HIPAA", Centers for Medicare and Medicaid Services
- Congressional Research Service (CRS) reports regarding HIPAA, University of North Texas Libraries
- Full text of the Health Insurance Portability and Accountability Act (PDF/TXT) U.S. Government Printing Office
- Office for Civil Rights page on HIPAA