I went back and looked and I’m not sure I agree with you. Lots of places it talks about covered persons and entities and there are other penalty sections. This penalty section is different especially since it applies to “any person”. Not any person who is covered by the act or works for a covered entity. If I don’t work for a covered entity and I steal your medical records and sell them to the NY Times then by your logic I’d be home free except for the theft angle. The actual value of the paper file is questionable especially if I copied it rather than taking the file itself.
Drudge BTW has changed his link it no longer uses the word expose. It now says: “NYT PREPARES TO FRONT DETAILED STORY ON PALIN’S BABY, NEWSROOM SOURCES TELL DRUDGE... DEVELOPING...” That takes away the negative connotation of expose, but it still might include medical record info maybe on the baby.
Of what possible interest is this to anyone outside the Palin family?? Remember, the NYT are so elitist and out of touch that they really believe knuckle-dragging conservatives will recoil in horror at their story of the birth of a Down’s Syndrome baby, the same way they thought we would all be too shocked to vote for Bush/Cheney when they broadcast Dick Cheney’s daughter is a lesbian. They don’t understand us at all, and if a single one of them spent a day in a church or synagogue they would know that we condem sins but not the sinner. Since the elite media is never exposed to anyone outside their own echo chamber, they just don’t get it. Never have, never will.
At this point, let them keep talking and dig a deeper hole. What a bunch of effete morons. On November 6, they will sit around the NYT lunchroom nibbling on carrots and arrugala, shaking their heads in disbleief and declaring that they do not know a single person who voted for McCain/Palin.
If you stole the records, you could be prosecuted for theft, not a HIPAA violation. The hospital or provider, however, could be prosecuted under HIPAA if they had not done due diligence in securing the medical records in the first place.
I work out of my home, and I read medical records every day. If I leave them out on my desk, and someone walks into my office, and takes them while I was gone, that would be a HIPPA violation on my part only. But if I had them in a locked file cabinet, and you broke in and stole them, I probably wouldn't be, because I had used "due diligence".
I am sure the patient could sue you in a civil court for the release of information, but criminally you would probably get only the theft, and possibly breaking and entering.