2012 US Code
Title 42 - The Public Health and Welfare
Chapter 7 - SOCIAL SECURITY (§§ 301 - 1397mm)
Subchapter XI - GENERAL PROVISIONS, PEER REVIEW, AND ADMINISTRATIVE SIMPLIFICATION (§§ 1301 - 1320e-2)
Part C - Administrative Simplification (§§ 1320d - 1320d-9)
Section 1320d-6 - Wrongful disclosure of individually identifiable health information
Publication Title | United States Code, 2012 Edition, Title 42 - THE PUBLIC HEALTH AND WELFARE |
Category | Bills and Statutes |
Collection | United States Code |
SuDoc Class Number | Y 1.2/5: |
Contained Within | Title 42 - THE PUBLIC HEALTH AND WELFARE CHAPTER 7 - SOCIAL SECURITY SUBCHAPTER XI - GENERAL PROVISIONS, PEER REVIEW, AND ADMINISTRATIVE SIMPLIFICATION Part C - Administrative Simplification Sec. 1320d-6 - Wrongful disclosure of individually identifiable health information |
Contains | section 1320d-6 |
Date | 2012 |
Laws in Effect as of Date | January 15, 2013 |
Positive Law | No |
Disposition | standard |
Source Credit | Aug. 14, 1935, ch. 531, title XI, §1177, as added Pub. L. 104-191, title II, §262(a), Aug. 21, 1996, 110 Stat. 2029; amended Pub. L. 111-5, div. A, title XIII, §13409, Feb. 17, 2009, 123 Stat. 271. |
Statutes at Large References | 110 Stat. 2029 123 Stat. 271 |
Public Law References | Public Law 104-191, Public Law 111-5 |
Download PDF
A person who knowingly and in violation of this part—
(1) uses or causes to be used a unique health identifier;
(2) obtains individually identifiable health information relating to an individual; or
(3) discloses individually identifiable health information to another person,
shall be punished as provided in subsection (b) of this section. For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d–9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.
(b) PenaltiesA person described in subsection (a) of this section shall—
(1) be fined not more than $50,000, imprisoned not more than 1 year, or both;
(2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and
(3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.
(Aug. 14, 1935, ch. 531, title XI, §1177, as added Pub. L. 104–191, title II, §262(a), Aug. 21, 1996, 110 Stat. 2029; amended Pub. L. 111–5, div. A, title XIII, §13409, Feb. 17, 2009, 123 Stat. 271.)
Amendments2009—Subsec. (a). Pub. L. 111–5 inserted at end “For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d–9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.”
Effective Date of 2009 AmendmentAmendment by Pub. L. 111–5 effective 12 months after Feb. 17, 2009, see section 13423 of Pub. L. 111–5, set out as an Effective Date note under section 17931 of this title.
Disclaimer: These codes may not be the most recent version. The United States Government Printing Office may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the US site. Please check official sources.