42 U.S.C. § 1320d–6 — Wrongful disclosure of individually identifiable health information

FEDERAL · 42 U.S.C. · Chapter 7

Wrongful disclosure of individually identifiable health information

42 U.S.C. § 1320d–6

Title42 — The Public Health and Welfare

Chapter7 — SOCIAL SECURITY

SubchapterXI

PartC

Current throughPub. L. 119-99

This text of 42 U.S.C. § 1320d–6 (Wrongful disclosure of individually identifiable health information) is published on Counsel Stack Legal Research, covering United States primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

42 U.S.C. § 1320d–6.

Text

(a)Offense A person who knowingly and in violation of this part—

(1)uses or causes to be used a unique health identifier;

(2)obtains individually identifiable health information relating to an individual; or

(3)discloses individually identifiable health information to another person, shall be punished as provided in subsection (b). For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d–9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.

(b)Penalties A perso

Free access — add to your briefcase to read the full text and ask questions with AI

(a) Offense
A person who knowingly and in violation of this part—
(1) uses or causes to be used a unique health identifier;
(2) obtains individually identifiable health information relating to an individual; or
(3) discloses individually identifiable health information to another person,
shall be punished as provided in subsection (b). For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d–9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.
(b) Penalties
A person described in subsection (a) shall—
(1) be fined not more than $50,000, imprisoned not more than 1 year, or both;
(2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and
(3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.

Source Credit

History

(Aug. 14, 1935, ch. 531, title XI, §1177, as added Pub. L. 104–191, title II, §262(a), Aug. 21, 1996, 110 Stat. 2029; amended Pub. L. 111–5, div. A, title XIII, §13409, Feb. 17, 2009, 123 Stat. 271.)

Editorial Notes

Editorial Notes

Amendments
2009—Subsec. (a). Pub. L. 111–5 inserted at end "For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d–9(b)(3) of this title) and the individual obtained or disclosed such information without authorization."

Statutory Notes and Related Subsidiaries

Effective Date of 2009 Amendment
Amendment by Pub. L. 111–5 effective 12 months after Feb. 17, 2009, see section 13423 of Pub. L. 111–5, set out as an Effective Date note under section 17931 of this title.

Cite This Page — Counsel Stack

Bluebook (online)

42 U.S.C. § 1320d–6, Counsel Stack Legal Research, https://law.counselstack.com/usc/42/1320d–6.