This article is within the scope of WikiProject Law, an attempt at providing a comprehensive, standardised, pan-jurisdictional and up-to-date resource for the legal field and the subjects encompassed by it.
This article is within the scope of WikiProject United States, a collaborative effort to improve the coverage of topics relating to the United States of America on Wikipedia. If you would like to participate, please visit the project page, where you can join the ongoing discussions.
Section 6039G of HIPAA has a very curious provision. Skipping the legalese, this section requires that the IRS regularly publish in the Federal Register a list of individuals who have chosen to expatriate, something which is unrelated to the main purpose of the act.
It's an odd thing to have in a bill, but it's getting a bit more attention and there's a Wikipedia page containing notable expatriates, many of whom were uncovered under HIPAA's 6039G, and is also being reported heavily at the Isaac Brock Society Web site (a site for Americans abroad who are upset with US tax policy vis-a-vis expats).
Since the Wikipedia comments say "no more links", I would like to add a link to mention a bit of background on this subject. While it's not commonly known about inside of the US, those of us Americans living outside the US are being heavily impacted by this issue. Presumably, Eduardo Saverin was "outed" as renouncing his US citizenship due to the April 2012 Federal Register listing him, thus leading to great controversy and the drafting of the Ex-PATRIOT Act.
It wouldn't be appropriate to just link to an external website discussing it, but it's possible that the topic is encyclopedic enough to treat directly in the article, following all appropriate policies and guidelines, especially those pertaining to reliable sources. --SarekOfVulcan (talk) 15:19, 12 July 2012 (UTC)
Thank you for that. I'll look at pulling together a useful article. The entire provision has been rather controversial and I'll try to do it justice. Overseasexile (talk) 15:27, 12 July 2012 (UTC)
I see from the bill that it's part of the Revenue Offsets title. Guess that explains how it got in there... --SarekOfVulcan (talk) 15:40, 12 July 2012 (UTC)
The picture titled hipaa.jpg, with a nurse shredding documents labelled 'Confidential' seems to be an attempt at criticism, and is not representative of HIPAA. I think that kind of satire is best left to a public forum, not here.— Preceding unsigned comment added by Tccam (talk • contribs) 18:09, 23 May 2013 (UTC)
Agreed: OMG, that image is inappropriate! It claims to come from a free source but I also see it sold on hipaacartoons.com. I am removing it now. 18.104.22.168 (talk)
Major DELETION and REWRITE of "Notable Violations"
Before my edit, this section was arbitrary and capricious in singling out one incident involving Shasta Regional Medical Center (SRMC) that was reported in the California media, which was *not* in fact a verified example of a HIPAA violation as written in the deleted text at the time it was written (more on this below). Instead I replaced it with objectively more significant reports -- plural -- of violations reported in impartial government sources. Wikipedia is not an advocacy forum, it is a reference work, and the singling out of SRMC executives or the parent corporation Prime Healthcare Services here violates Wikipedia's NPOV in terms of undue weight, balance, impartial tone, and bias in sources. First, the deleted text did not describe actual violations -- plural -- it only contained one case of a single alleged violation. Second, I do not like to get lawyerly and use terms like "alleged" but it is appropriate here because the text cited statements made by people quoted in 2012 newspaper articles but they are not the ones who make a determination of a HIPAA violation, that lies with the United States Department of Health and Human Services Office for Civil Rights (OCR). The SRMC incident took place in 2010 (not 2012 as referenced in the deleted text) and the text appears to have been written in 2012 based on the sources, and edited as late as Sept 2013 based on the page history. However, there was nothing verifiable that a HIPAA violation took place in the text as it was written and with the sources it cited. Nevertheless, in June of 2013, reports surfaced that a separate action by the California State Dept of Public Health resulted in fines to Prime Healthcare of $98,000, and that Prime Healthcare announced a settlement with DHHS OCR of $275,000. So one could say there *was* a HIPAA violation but not because of the deleted text's insinuations, but through public sources that were never referenced in the deleted text. Third, the problems with balance and weight of the SRMC incident as an illustration for HIPAA violations is more important that the above issues of veracity, tone, and timeliness of the deleted text. That is why it is not an appropriate action to update the references in the deleted text, rather better and more appropriate examples of HIPAA violations -- plural -- should occur if there is to be this kind of section in the article at all. For example, according to HHS, between April 2003 and January 2013 there were 91,000 complaints of HIPAA violations reported in which 22,000 led to enforcement actions of varying kinds (from warnings to fine) and 521 led to referrals to the US Dept of Justice (criminal actions)(http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html). Note that in 2010 alone, when the SRMC case took place, there were 8,700 reports of violations (http://www.hhs.gov/ocr/privacy/hipaa/enforcement/data/complaintsyear.html). In this context it is hard to argue that the lone SRMC case was notable or unique in any way that justifies its inclusion in this Wikipedia article, when by comparison, there are many instances of clearly more significant examples. Neither the numbers nor fines in the SRMC are significant. For instance, the largest loss of control over patient information was committed by Tricare Management Activity of Virgina in 2011 that affected 4.9 million people, while the second largest breach of confidential records arising from the theft of a desktop computer occurred with Advocate Health and Hospitals Corp of Illinois in 2013 that affected 4.0 million people (http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html). The largest civil fine imposed by HHS OCR was $4.3 million against Cignet of Maryland in 2011 (http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cignetpenaltynotice.pdf). THOSE are significant and notable examples of HIPAA violations. THOSE belong in the reference article. That is why I used them to replace the relatively parochial and relatively minor SRMC incident whose description and inclusion violates Wikipedia's NPOV rules in multiple ways. I added a table for the penalties imposed by HHS for violations of HIPAA, both civil and criminal. Finally, I renamed the section to the more broad heading of "Violations of HIPAA."Lapabc (talk) 21:47, 4 March 2014 (UTC)
History of changes between Clinton and Bush administration