Health Insurance Portability and Accountability Act of 1996:
A Federal law, imposed on all health care organizations including hospitals, physician offices, home health agencies, nursing homes, and other providers, as well as health plans and clearinghouses, that protects patient health information.
HIPAA rules require us to:
Any information that uniquely identifies a patient is Protected Health Information (PHI).
OpenSpecimen includes the following PHI fields:
Object | Field Name |
---|---|
Participant | Name (first, last, middle) |
Participant | Date of Birth |
Participant | Social Security Number |
Participant | Registration Date |
Participant | Death Date |
Participant | Medical Record Number |
Participant | Email ID |
Participant | Consent File |
Participant | Master Patient Index |
Visit | Surgical Pathology Number |
Below are some other fields that are considered PHI but are not present in the OpenSpecimen default model. If you add these as custom fields, we recommend marking them as PHI so that only restricted users get access to them:
Failure to comply with HIPAA can result in civil and criminal penalties:
Tier | Penalty |
---|---|
1. Covered entity or individual did not know (and by exercising reasonable diligence would not have known) the act was a HIPAA violation. | $100-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year |
2. The HIPAA violation had a reasonable cause and was not due to willful neglect. | $1,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year |
3. The HIPAA violation was due to willful neglect but the violation was corrected within the required time period. | $10,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year |
4. The HIPAA violation was due to willful neglect and was not corrected. | $50,000 or more for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year |
Tier | Potential jail sentence |
---|---|
Unknowingly or with reasonable cause | Up to one year |
Under false pretences | Up to five years |
For personal gain or malicious reasons | Up to ten years |