{"id":97447,"date":"2001-11-19T00:00:00","date_gmt":"2001-11-19T05:00:00","guid":{"rendered":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/2001\/11\/19\/part-6-putting-it-all-together\/"},"modified":"2024-04-14T04:14:31","modified_gmt":"2024-04-14T09:14:31","slug":"part-6-putting-it-all-together","status":"publish","type":"post","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-6-putting-it-all-together\/","title":{"rendered":"Part 6: Putting It All Together"},"content":{"rendered":"<h3 data-is-section=\"true\" data-wp-context=\"{&quot;id&quot;:&quot;horror-stories&quot;}\" data-wp-interactive=\"{&quot;namespace&quot;:&quot;prc-block\\\/table-of-contents&quot;}\" id=\"horror-stories\" class=\"wp-block-heading\">\u201cHorror Stories\u201d<\/h3>\n\n<p class=\"wp-block-paragraph\">News stories have highlighted various types of privacy violations related to health information.\u00a0 The new federal privacy regulation will address only some violations of privacy that can occur online.\u00a0 The following examples are violations previously reported by the press.\u00a0 None of them are covered by the privacy regulation since compliance with the regulation is not required until April 14, 2003.\u00a0 They are used to illustrate how the regulation would cover and not cover similar violations after the compliance date. <\/p>\n\n<ul class=\"wp-block-list\">\n<li>A hacker downloaded medical records, health information and Social Security numbers on more than 5,000 patients at the University of Washington Medical Center.\u00a0 The hacker claimed to be motivated by a desire to expose the vulnerability of electronic medical records.[70.numoffset=&#8221;70&#8243; This incident is an example of an external security breach. R. O\u2019Harrow, \u201cHacker Accesses Patients Records,\u201d <em>Wash. Post<\/em>, December 9, 2000, at E1; a year earlier, at the University of Michigan Medical Center, several thousand patient records inadvertently lingered on public Internet sites for two months \u2013 example of an internal security violation. \u201cBlack Eye at the Med Center,\u201d <em>Wash. Post<\/em>, February 22, 1999, at F5; similarly, detailed psychological records concerning visits and diagnoses of at least sixty-two children and teenagers were accidentally posted on the University of Montana Web site for eight days. C. Piller, \u201cWeb Mishap: Kids\u2019 Psychological Files Posted,\u201d <em>L.A. Times<\/em>, November 7, 2001, at A1.]<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">After April 14, 2003, a penalty could be imposed on a covered medical center in similar circumstances if the Secretary of HHS determines that the covered entity failed to comply with the requirements of the privacy regulation.\u00a0 The regulation requires covered entities to put in place administrative, technical and physical safeguards to protect the privacy of protected health information, and reasonably safeguard such information from intentional or unintentional use or disclosure.\u00a0 In addition, HIPAA mandates the Secretary of HHS to adopt security standards to protect the confidentiality and integrity of individual health information.\u00a0 These standards are expected to be issued in final form in 2001. <\/p>\n\n<ul class=\"wp-block-list\">\n<li>Global Health Trax sells over-the-counter health and nutrition supplements online.\u00a0 It inadvertently revealed customer names, home phone numbers, and bank account and credit card information of thousands of its customers on its Web site.[71. B. Sullivan, \u201cBank Information Exposed Online,\u201d MSNBC, January 19, 2000.]<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">A company like Global Health Trax in all likelihood would not be considered a covered entity or a business associate of a covered entity.\u00a0 Therefore, the privacy regulation would not apply to any information collected by that company. <\/p>\n\n<ul class=\"wp-block-list\">\n<li>SelectQuote Insurance Services exposed some of its customers\u2019 personal information, including health information, on its Web site.\u00a0 Information that was submitted by users to obtain life insurance quotes was not \u201ccleared,\u201d and thus remained on the site and could be viewed by subsequent users.[72. M. Bunker, \u201cInsurance Site Exposes Personal Data,\u201d MSNBC, March 22, 2000.]<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Life insurance brokers, like SelectQuote Insurance Services, are not covered entities, so they fall outside the scope of the privacy regulation.\u00a0 Their customers\u2019 health-related information, therefore, would not be protected by the privacy rule.<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Eli Lilly and Co. inadvertently revealed 600 patient e-mail addresses when it sent a message to every individual registered to receive reminders about taking Prozac. In the past, the e-mail messages were addressed to individuals.\u00a0 The message announcing the end of the reminder service, however, was addressed to all of the participants.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">A pharmaceutical company, like Eli Lilly and Co., is not a covered entity.\u00a0 Therefore, a breach of confidentiality would not be covered by the privacy regulation.<\/p>\n\n<ul class=\"wp-block-list\">\n<li>The hospital records and photograph of an Illinois woman were posted on the Internet without her knowledge or consent a few days after she was treated at St. Elizabeth\u2019s Medical Center in Granite City following complications from an abortion at the Hope Clinic for Women.\u00a0 The woman has sued the hospital, alleging St. Elizabeth\u2019s released her records without her consent.[73. R. O\u2019Harrow, \u201cProzac Maker Reveals Patient E-Mail Addresses,\u201d <em>Wash. Post<\/em>, July 4, 2001, at E1.]<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Many hospitals will eventually engage in the type of standard transactions that would bring them within the scope of the federal privacy regulation.\u00a0 A covered hospital that makes unauthorized disclosures would be in violation of the privacy rule and thus may be subject to penalties under the regulation.\u00a0 Similarly, it would be a violation of the privacy rule if the covered hospital had lax procedures for storing medical records that facilitated this information\u2019s being improperly disclosed.<\/p>\n\n<p class=\"wp-block-paragraph\">Civil fines under HIPAA are $100 per standard violated with a maximum of $25,000 per year.\u00a0 Furthermore, a person who knowingly discloses individually identifiable health information in violation of HIPAA could be fined as much as $50,000, imprisoned not more than one year, or both.\u00a0 If HHS determines that the offense was committed with the intent to transfer the information for malicious harm, then greater penalties may be imposed. <\/p>","protected":false},"excerpt":{"rendered":"<p>\u201cHorror Stories\u201d News stories have highlighted various types of privacy violations related to health information.\u00a0 The new federal privacy regulation will address only some violations of privacy that can occur online.\u00a0 The following examples are violations previously reported by the press.\u00a0 None of them are covered by the privacy regulation since compliance with the regulation [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"sub_headline":"","sub_title":"","_crdt_document":"","_prc_public_revisions":[],"_ppp_expiration_hours":0,"_ppp_enabled":false,"ai_generated_summary":"","relatedPosts":[],"reportMaterials":[],"multiSectionReport":[],"package_parts__enabled":false,"package_parts":[],"_prc_fork_parent":0,"_prc_fork_status":"","_prc_active_fork":0,"datacite_doi":"","datacite_doi_citation":"","_prc_seo_qr_attachment_id":0,"spoken_article_player_enabled":true,"bylines":[],"acknowledgements":[],"displayBylines":true,"footnotes":"","prc_watchers":[]},"categories":[],"tags":[],"bylines":[],"collection":[],"datasets":[],"level_of_effort":[],"primary_audience":[],"information_type":[],"_post_visibility":[],"formats":[458],"_fund_pool":[],"languages":[],"regions-countries":[],"research-teams":[526],"workflow-status":[],"class_list":["post-97447","post","type-post","status-publish","format-standard","hentry","formats-report","research-teams-internet"],"label":false,"post_parent":97396,"word_count":788,"canonical_url":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-6-putting-it-all-together\/","art_direction":false,"_embeds":[],"watchers":[],"table_of_contents":[{"id":97396,"title":"Exposed Online: The federal health privacy regulation and Internet user impacts","slug":"exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts\/","is_active":false},{"id":97403,"title":"About Us","slug":"about-us-4","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/about-us-4\/","is_active":false},{"id":97409,"title":"The Terrain","slug":"the-terrain","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/the-terrain\/","is_active":false},{"id":97416,"title":"Part 1: Public Opinion","slug":"part-1-public-opinion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-1-public-opinion\/","is_active":false},{"id":97423,"title":"Part 2: The New Federal Health Privacy Regulation","slug":"part-2-the-new-federal-health-privacy-regulation","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-2-the-new-federal-health-privacy-regulation\/","is_active":false},{"id":97432,"title":"Part 3: Covered Web Sites","slug":"part-3-covered-web-sites","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-3-covered-web-sites\/","is_active":false},{"id":97438,"title":"Part 4: Partially Covered and Indirectly Covered Web Sites","slug":"part-4-partially-covered-and-indirectly-covered-web-sites","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-4-partially-covered-and-indirectly-covered-web-sites\/","is_active":false},{"id":97444,"title":"Part 5: Web Sites Not Covered","slug":"part-5-web-sites-not-covered","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-5-web-sites-not-covered\/","is_active":false},{"id":97447,"title":"Part 6: Putting It All Together","slug":"part-6-putting-it-all-together","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-6-putting-it-all-together\/","is_active":true},{"id":97454,"title":"Part 7: Conclusion","slug":"part-7-conclusion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-7-conclusion\/","is_active":false}],"report_materials":"","report_pagination":{"current_post":{"id":97447,"title":"Part 6: Putting It All Together","slug":"part-6-putting-it-all-together","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-6-putting-it-all-together\/","is_active":true,"page_num":9},"next_post":{"id":97454,"title":"Part 7: Conclusion","slug":"part-7-conclusion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-7-conclusion\/","is_active":false,"page_num":10},"previous_post":{"id":97444,"title":"Part 5: Web Sites Not Covered","slug":"part-5-web-sites-not-covered","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-5-web-sites-not-covered\/","is_active":false,"page_num":8},"pagination_items":[{"id":97396,"title":"Exposed Online: The federal health privacy regulation and Internet user impacts","slug":"exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts\/","is_active":false,"page_num":1},{"id":97403,"title":"About Us","slug":"about-us-4","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/about-us-4\/","is_active":false,"page_num":2},{"id":97409,"title":"The Terrain","slug":"the-terrain","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/the-terrain\/","is_active":false,"page_num":3},{"id":97416,"title":"Part 1: Public Opinion","slug":"part-1-public-opinion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-1-public-opinion\/","is_active":false,"page_num":4},{"id":97423,"title":"Part 2: The New Federal Health Privacy Regulation","slug":"part-2-the-new-federal-health-privacy-regulation","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-2-the-new-federal-health-privacy-regulation\/","is_active":false,"page_num":5},{"id":97432,"title":"Part 3: Covered Web Sites","slug":"part-3-covered-web-sites","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-3-covered-web-sites\/","is_active":false,"page_num":6},{"id":97438,"title":"Part 4: Partially Covered and Indirectly Covered Web Sites","slug":"part-4-partially-covered-and-indirectly-covered-web-sites","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-4-partially-covered-and-indirectly-covered-web-sites\/","is_active":false,"page_num":7},{"id":97444,"title":"Part 5: Web Sites Not Covered","slug":"part-5-web-sites-not-covered","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-5-web-sites-not-covered\/","is_active":false,"page_num":8},{"id":97447,"title":"Part 6: Putting It All Together","slug":"part-6-putting-it-all-together","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-6-putting-it-all-together\/","is_active":true,"page_num":9},{"id":97454,"title":"Part 7: Conclusion","slug":"part-7-conclusion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-7-conclusion\/","is_active":false,"page_num":10}]},"parent_info":{"parent_title":"Exposed Online: The federal health privacy regulation and Internet user impacts","parent_id":97396},"materialsOrdered":[],"chaptersOrdered":[],"partsOrdered":[],"partsEnabled":false,"datacite_doi":"","prc_seo_data":{"title":"Part 6: Putting It All Together","description":"\u201cHorror Stories\u201d News stories have highlighted various types of privacy violations related to health information.\u00a0 The new federal privacy regulation will address only some violations of privacy that can occur&hellip;","og_title":"Part 6: Putting It All Together","og_description":"","schema_type":"Article","noindex":false,"canonical_url":"","primary_terms":[],"custom_schema":[],"og_image":0,"indexnow_submitted_at":null,"gsc_index_status":null},"prepublish_checks":{"prc-image-alt-text":{"status":"complete","message":"No image blocks in content.","data":null},"prc-about-this-research":{"status":"incomplete","message":"Add an \"About this research\" details block.","data":null},"prc-paragraph-count":{"status":"complete","message":"Found 7 paragraphs.","data":{"count":7}},"prc-internal-link":{"status":"incomplete","message":"Add at least one internal link.","data":{"count":0}}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"relatedPostsOrdered":[],"bylinesOrdered":[],"acknowledgementsOrdered":[],"_links":{"self":[{"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/posts\/97447","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/comments?post=97447"}],"version-history":[{"count":2,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/posts\/97447\/revisions"}],"predecessor-version":[{"id":134172,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/posts\/97447\/revisions\/134172"}],"wp:attachment":[{"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/media?parent=97447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/categories?post=97447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/tags?post=97447"},{"taxonomy":"bylines","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/bylines?post=97447"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/collection?post=97447"},{"taxonomy":"datasets","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/datasets?post=97447"},{"taxonomy":"level_of_effort","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/level_of_effort?post=97447"},{"taxonomy":"primary_audience","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/primary_audience?post=97447"},{"taxonomy":"information_type","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/information_type?post=97447"},{"taxonomy":"_post_visibility","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/_post_visibility?post=97447"},{"taxonomy":"formats","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/formats?post=97447"},{"taxonomy":"_fund_pool","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/_fund_pool?post=97447"},{"taxonomy":"languages","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/languages?post=97447"},{"taxonomy":"regions-countries","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/regions-countries?post=97447"},{"taxonomy":"research-teams","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/research-teams?post=97447"},{"taxonomy":"workflow-status","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/workflow-status?post=97447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}