A person who knowingly and in violation of this part-
shall be punished as provided in subsection (b). For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d-9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.
A person described in subsection (a) shall-
42 U.S.C. § 1320d-6
EDITORIAL NOTES
AMENDMENTS2009-Subsec. (a). Pub. L. 111-5 inserted at end "For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d-9(b)(3) of this title) and the individual obtained or disclosed such information without authorization."
STATUTORY NOTES AND RELATED SUBSIDIARIES
EFFECTIVE DATE OF 2009 AMENDMENT Amendment by Pub. L. 111-5 effective 12 months after Feb. 17, 2009, see section 13423 of Pub. L. 111-5 set out as an Effective Date note under section 17931 of this title.
- person
- The term "person" means an individual, a trust or estate, a partnership, or a corporation.