Dustin James Ortiz, 49, pleaded guilty to conspiracy to wrongfully obtain and disclose individually identifiable health information and wrongfully obtaining individually identifiable health information after conspiring with a then-employee of the Veterans Affairs Medical Center (VAMC) in Des Moines.
Ortiz received protected health information that pertained to a victim’s mental health conditions and medications. This information was obtained without authorization and then disclosed to a third party.
Civil vs. Criminal HIPAA Violations
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
The primary focus of HIPAA’s Rules and Regulations is maintaining the privacy and security of each patient’s PHI. The Department of Health and Human Services’ Office for Civil Rights is responsible for enforcement of HIPAA, which can be done both through regular audits and investigations following a data breach.
If violations of HIPAA rules are discovered, OCR can then assess civil penalties, including fines and monitoring, depending on the severity of the violation and the organization’s awareness of the circumstances.