by maemilius 2767 days ago
I think I can kinda see this argument, actually. The punishment for violating HIPAA is not placed on the individual, it's placed on the company.

I work for a company that operates on HIPAA-protected data; if I leaked any of that, I wouldn't face any legal punishment but the company I work for would be on the hook for some seriously large fines.

1 comments

> The punishment for violating HIPAA is not placed on the individual, it's placed on the company.

Be careful believing that; it's true that direct liability under HIPAA is almost exclusively for the covered entity as such, but individuals may be criminally liable for HIPAA violations in two ways:

(1) Certain directors, officers, and employees may be liable under general principles of corporate criminal liability, and

(2) Individual employees (and other individuals) not criminally liable under (1) for direct HIPAA violations that have a role in it may be liable for conspiracy or aiding and abetting (the latter of which has identical punishment to the crime it relates to) related to the underlying crime committed by the covered entity that is their employer.

So, yes, actually knowingly leaking PHI that subjects the company to criminal penalties under HIPAA would likely also subject you to criminal penalties tied to that HIPAA violation.