Businesses have to comply with regulations in the form of record-keeping, safeguarding medical data, determining the composition of its board of directors, etc. HIPAA is not for individuals, neither is Sarbanes-Oxley.
I think I can kinda see this argument, actually. The punishment for violating HIPPA is not placed on the individual, it's placed on the company.
I work for a company that operates on HIPPA-protected data; if I leaked any of that, I wouldn't face any legal punishment but the company I work for would be on the hook for some seriously large fines.
> The punishment for violating HIPPA is not placed on the individual, it's placed on the company.
Be careful believing that; it's true that direct liability under HIPAA is almost exclusively for be covered entity as such, but individuals may be criminally liable for HIPAA violations in two ways:
(1) Certain directors, officers, and employees may be liable under general principles of corporate criminal liability, and
(2) Individual employees (and other inbividuals) not criminally liable under (1) for direct HIPAA violations that have a role in it may be liable for conspiracy or aiding and abetting (the latter of which has identical punishment to the crime it relates to) related to the underlying crime committed by the covered entity that is their employer.
So, yes, actually knowingly leaking PHI that subjects the company to crimination penalties under HIPAA would likely also subject you to criminal penalties tied to that HIPAA violation.
I asked specifically for other forms of assembly. Individual constitutional rights are applied differently than those rights are applied when assembled.
Hence: Is your argument that it would be unconstitutional to apply SOX or HIPAA to non-profits, teachers unions, churches? If not, my original argument still stands. Businesses are forms of assembly, and thus protected by the first amendment.
It is. I don't even understand how it couldn't be unless you are trying to state that doctors themselves are somehow not individuals.