In June 2009, a 22 year old mother of three young children Honolulu to one year in prison for illegal access to medical records and another woman posted on a MySpace page that she has HIV.

The State of Hawaii charges against the woman under a state law criminalizing unauthorized access to a computer, and categories accounts of events, according to. led to the woman, convinced that there was a quarrel between the victim and the victim’s sister in law, a friend of the accused. The defendant, who is considered a service to patients at the hospital where the victim was a patient, worked in the computer of the victim’s sister in law.

accessible in the course of about ten months, the defendant, the medical record three times by a computer. After learning about the health of the victim, the defendant has met his MySpace page that the victim had HIV. In a second article, she said the victim was dying of AIDS.

The victim at the hospital officials complained of unauthorized access. After an internal investigation at the hospital the defendant terminated the employment.

the defendant’s conduct was, of course, outrageous and inexcusable. The prison sentence of one year, which exceeded the Court adopted the term recommended by the prosecutor. Yet, may call into question the issue of participation of the defendants accountable for their actions to some extent, the hospital is responsible for the breach of confidentiality would be held.

The federal law imposes legal constraints on suppliers to protect against misuse or disclosure of personal health and limit the uses and reasonable information to the minimum necessary for their use.

In particular, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) your privacy is coming into force of regulations on the declaration April 14, 2003. HIPAA is to protect the health of consumers, so consumers have better access and better control of information, health care, and ultimately create a national framework for protecting personal health information. HIPAA covers health plans, health centers and health care providers that conduct certain financial and administrative transactions electronically.

In addition to legal provisions, HIPAA is the protection regulations on April 21, 2005 statement. Together, the rules of confidentiality and security. the only national policy that the use and disclosure of private information confidential and sensitive are

Under HIPAA security rule, standards for the protection of electronic information by HIPAA covered in three groups: guarantees administrative, physical and technical protection measures protection measures are

Some of the most important safeguards required under HIPAA, the Administrative Commission “sanctions policy” and “security awareness training,” provides sanctions policy .. Standard requires a notice to all employees on disciplinary action taken by the Covered Entity HIPAA violations. The sanctions policy should have a notice of civil or criminal penalties for misuse or misappropriation of health information and that employees that violations may inform the results of applying the law and regulation, accreditation, licensing and organizations.

The training of security awareness required standard that all employees, agents and contractors of the information security awareness training. On the basis should be based on job responsibilities, the body concerned, require people to visit customized training programs that focus on issues of health information and responsibilities regarding confidentiality and security.

Privacy and security require a HIPAA privacy officer and security guard by the covered entity to be named. The Privacy Commissioner of safety must be constantly analyzed and the risk of a thorough assessment of potential risks and vulnerabilities, and implementation of security measures.

resolved, the U. S. Department of Justice (“DOJ”) that the fines imposed and cons that can be used for HIPAA institutions injury. and individuals to get to “knowingly” or disclose individually identifiable health information in violation of HIPAA may be subject to a maximum of 000, and imprisonment up to one year.

offenses committed under false pretenses allow penalties to be increased – a fine up to 0000 was sentenced to five years in prison last crime with intent to sell, transfer or use individually identifiable health information to obtain an advantage commercial or malicious damage to allow fines of 0,000 and a prison sentence of up to ten years committed ..

Since the security breach that should be the tragic events, including the imprisonment of one year for the defendant, Hawaii employers, health providers and health insurance companies to review their policies and HIPAA privacy and a review of its practices to prevent misuse and to protect the disclosure of private health and reduce the risk of breach of privacy in your own organization.


HIPAA Audit