The US Court of Appeals for the Ninth Circuit held that an individual may be criminally convicted of knowingly obtaining health information in violation of HIPAA, even if the individual did not know that the access was illegal. The decision serves as a reminder to health care providers, health plans and their business associates that ignorance of the law is not an excuse to criminal prosecution with respect to HIPAA, and that significant repercussions may result from accessing patient information without a valid reason. This reported by Adam Greene, a Partner with Davis Wright & Tremaine.
There have been many discussion around what constitutes appropriate access, the application of Minimal Necessary, willful neglect, patient consent, and accounting for disclosures. This decision important for two reasons. It should serve as Adam suggests in his Alert as a teaching moment for those who work in healthcare that there should always be a legitimate reason for their access to a patient’s information, but it is also important as a reminder to healthcare organizations that they need to actively control and monitor access to patient information.