Re: criminal case

Posted by ert on January 20, 2019, at 8:33:48

In reply to Re: criminal case, posted by ert on January 20, 2019, at 8:12:52

> > In case of normal data the bar would be 1000$ for a criminal case, but here also is phi data (health data) involved that Hsiung steals (won't revoke their permissions), uploads and makes money with it. As far as I understand when phi data is sold or money is generated with third parties without authorization (such as a written authorization), there would be no bar to reach the limit to be a criminal case.
>
> from hhs.gov
>
> What is the difference between consent and authorization under the HIPAA Privacy Rule?
> Answer:
> The Privacy Rule permits, but does not require, a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. Covered entities that do so have complete discretion to design a process that best suits their needs.
>
> By contrast, an authorization is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization. An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual.
>
> An authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed. With limited exceptions, covered entities may not condition treatment or coverage on the individual providing an authorization.
>
>
>
https://www.hipaahelpcenter.com/violations/releasing-information-undesignated-party

Thread

Designation of a data protection officer ert 12/31/18
...
Re:Designation of a data protection officer ert 1/14/19
Re: Designation of a data protection officer rjlockhart37 1/17/19
Re: Designation of a data protection rjlockhart37 ert 1/18/19
Re: Designation of a data protection rjlockhart37 ert 1/18/19
Re: Designation of a data protection rjlockhart37 ert 1/18/19
Re: Designation of a data protection rjlockhart37 ert 1/18/19
Re: Designation of a data protection rjlockhart37 ert 1/18/19
Re: Designation of a data protection rjlockhart37 ert 1/18/19
Re: Designation of a data protection rjlockhart37 ert 1/18/19
Re: Hipaa privacy rule vs gdpr and others ert 1/19/19
Re: criminal case ert 1/20/19
Re: criminal case ert 1/20/19
Re: criminal case ert 1/20/19
Re: Designation of a data protection officer ert 2/14/19
Re: Designation of a data protection officer ert 2/14/19
Re: Designation of a data protection officer rjlockhart37 2/14/19

Post a new follow-up

Notify the administrators

Start a new thread

poster:ert thread:1102664
URL: http://www.dr-bob.org/babble/admin/20151112/msgs/1102880.html