Current through Acts 2023-2024, ch. 1069
Section 68-11-243 - Injunctive relief for information blocking - Penalties - Exclusions

(a) A business associate, as that term is defined in 45 CFR § 160.103, shall comply with:
    (1) The Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. § 1320d et seq.) and standards for privacy of individually identifiable health information required by 45 CFR Parts 160 and 164; and
    (2) Federal laws regulating information blocking, as that term is defined in 45 CFR § 171.103.

(b) The attorney general and reporter may institute an action for injunctive relief to restrain a violation of subsection (a).

(c)
    (1) In addition to the injunctive relief provided in subsection (b), the attorney general and reporter may institute an action for civil penalties against a business associate for a violation of subsection (a). A civil penalty assessed under this section must not exceed:
        (A) Five thousand dollars ($5,000) for each violation committed negligently that occurs in one (1) year, regardless of how long the violation continues during that year;
        (B) Twenty-five thousand dollars ($25,000) for each violation committed knowingly or intentionally that occurs in one (1) year, regardless of how long the violation continues during that year; or
        (C) Two hundred fifty thousand dollars ($250,000) for each violation in which the covered entity knowingly or intentionally committed the violation for financial gain.
    (2) If the court in a pending action under this subsection (c) finds that the violations occurred with a frequency as to constitute a pattern or practice, then the court may assess additional civil penalties for each violation.

(d) In determining the amount of a penalty imposed under subsection (c), the court shall consider:
    (1) The seriousness of the violation, including the nature, circumstances, extent, and gravity of the disclosure or blocking of information;
    (2) The business associate's compliance history;
    (3) Whether the violation poses a significant risk of financial, reputational, or other harm to an individual whose protected health information is involved in the violation;
    (4) The amount necessary to deter a future violation;
    (5) The business associate's efforts to correct the violation;
    (6) The size and geographic location of the business associate; and
    (7) The financial impact the penalty would have on the business associate's financial viability and ability to adequately serve an underserved community or population.

(e) This section does not apply to:
    (1) Persons or entities licensed under title 63 or this title; or
    (2) A body, authority, board, bureau, commission, district, or agency of this state or a political subdivision of this state.

(f) This section does not apply to a person or entity that is licensed under this title or title 63.

Added by 2024 Tenn. Acts, ch. 931, s 2, eff. 5/6/2024.
Former version repealed by 2023 Tenn. Acts, ch. 42, s 2, eff. 3/14/2023.