[ Tuesday, March 14, 2006 ]
Another HIPAA crime (and by a non-CE)? Check this
out: a woman working in a doctor's office offers to sell an FBI agent's medical file to drug runners. But it turns out her buyer isn't a drug runner, but an FBI snitch. She's going to jail for wrongfully obtaining an individual identifier in order to wrongfully disclose PHI for personal gain. But she worked in a doctor's office; she's not a doctor. And the practice isn't accused, she is. Looks like Gibson again. But the DOJ said non-covered entities like employees, vendors, and business associates can't be held liable for a HIPAA violation. (Further discussion of that below, and here
Unless the actual crime isn't a HIPAA crime (there are a lot of similar identity theft crimes that might apply here). . . .
I'll check it out a little more when I get a chance. I'm sorta out of pocket at the moment.
Jeff [11:28 AM]
Blogger: HIPAA Blog - Edit your Template