Security Basics mailing list archives
corrected HIPAA facts.
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Wed, 07 Apr 2004 14:25:57 -0700
Thanks for the correction, Paul. This email is for the benefit of the list.

HIPAA went into effect from April 14, 2003 (almost a year back), though there seems to be a prior HIPAA from 1996 and a subsequent December 2000 Privacy Rule.

Breach-of-privacy penalties under the latest HIPAA are:

* Disclosure with intent to sell - up to $250,000 and up to 10 years in prison.
* Intentional disclosure - up to $50,000 and up to a year in prison.
* Unintentional disclosure & other minor infractions - civil penalty only - $100 per person (up to $25,000 per person per year)

Also, the rules in no way limit a person's individual right to sue and be compensated for damages related to improper use of medical records.

(something else I learnt! the difference between prison and jail - http://www.lawforkids.org/QA/Other/Other53.cfm)

HIPAA was referenced in a discussion about knowingly running insecure health-systems and how a subsequent breach of such systems might be viewed in a court of law.

Here's an excellent HIPAA executive summary guide hosted by our very own securityfocus: http://www.securityfocus.com/infocus/1764

(also, today morning I saw a few reposts of yesterday's emails - don't know what that is, some mailer problems somewhere, but nothing on my end for sure).

thanks,

--
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys.

On Wed, 2004-04-07 at 10:29, Chinnery, Paul wrote:
That 8 million dollar fine is bogus. There is no such figure in any HIPAA documents I've seen.

Paul Chinnery
Network Administrator
Mem Med Ctr