[ Wednesday, June 29, 2016 ]
Jamie Knapp: another HIPAA criminal conviction: a respiratory therapist who accessed PHI of patients she was not seeing
has been convicted, apparently of violating HIPAA, by an Ohio federal jury. I'm still trying to figure out how a respiratory therapist employee of a hospital, who by herself is not a covered entity, was convicted of violating HIPAA. Not every health care provider is a covered entity; you must also conduct electronic transactions that are HIPAA regulated. Generally, an employee will not be conducting those transactions. And while the officers and directors of a company may be held liable for their activities as decision-makers of their companies (in other words, they can't hide behind the company for their own acts if the company is responsible as well), I don't see how a low-level employee is bootstrapped into being the covered entity itself.
Jeff [8:32 AM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template