You need to have JavaScript enabled in order to access this site.

Describe penalties related to data breaches.

Description should include

civil penalties for

violations that the entity did not know about and would not have known about by exercising reasonable diligence
violations due to “reasonable cause”
violations due to “willful neglect” corrected within 30 days
violations due to “willful neglect” not corrected within 30 days

criminal penalties pursuant to HIPAA, resulting from

knowing misuse of unique health identifiers
knowing and unpermitted acquisition or disclosure of PHI

professional consequences (e.g., loss of license, certifications, etc.).

Teacher Resource: Chapter 7: Breach Notification, HIPAA Enforcement, and Other Laws and Requirements (https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide-chapter-7.pdf Links to an external site.), The Office of the National Coordinator for Health Information Technology

Process/Skill Questions:

What are the penalties for violating HIPAA?
What is the difference between civil and criminal law?
What is the difference between intentional and inadvertent disclosure of healthcare information?