Your medical privacy is covered under Federal Law. Here's some information:
Per section 1177 of HIPAA, a person who knowingly
- uses a unique health identifier, or causes one to be used;
- obtains individually identifiable health information relating to an individual; or
- discloses individually identifiable health information to another person;
is in violation of HIPAA regulations. Such persons are subject to the following penalties:
- a fine of up to $50,000, or up to 1 year in prison, or both;
- if the offense is committed under false pretenses, a fine of up to $100,000, or up to 5 years in prison, or both;
- if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of up to $250,000, or up to 10 years in prison, or both.
HIPAA also provides for civil fines to be imposed by the Secretary of DHHS "on any person" who violates a provision of it. The maximum is $100 for each violation, with the total amount not to exceed $25,000 for all violations of an identical requirement or prohibition during a calendar year.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA is the federal law that establishes standards for the privacy and security of health information, as well as standards for electronic data interchange (EDI) of health information.
HIPAA has two main goals, as its name implies:
- making health insurance more portable when persons change employers, and
- making the health care system more accountable for costs -- trying especially to reduce waste and fraud.
HIPAA aims to improve accountability in part through what it calls administrative simplification -- a term that translates, roughly, as "promoting efficiency."
The principal means of promoting efficiency is better use of information technology. Health care is -- or, at least at the time of the legislation, was -- still very "uncomputerized" compared to other parts of the economy, particularly in its use of paper for personal health records.
Broader use of computer systems increased concerns about misuse of patients' health information, hence the inclusion of privacy and security provisions in HIPAA alongside the EDI standards.
HIPAA as implemented has four health information standards, and four associated sets of regulations or "rules":
HIPAA is also known as the Kassebaum-Kennedy Act, or the Kennedy-Kassebaum Act.