skip to main content

H.R. 3763 (113th): Personal Health Information Protection Act


The text of the bill below is as of Dec 12, 2013 (Introduced). The bill was not enacted into law.


I

113th CONGRESS

1st Session

H. R. 3763

IN THE HOUSE OF REPRESENTATIVES

December 12, 2013

introduced the following bill; which was referred to the Committee on Oversight and Government Reform, and in addition to the Committee on the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned

A BILL

To impose penalties for the unauthorized disclosure of personal health information by Federal employees.

1.

Short title

This Act may be cited as the Personal Health Information Protection Act .

2.

Unauthorized disclosure of personally identifiable covered information

(a)

Liability for Certain Acts

(1)

In general

It shall be unlawful for any officer or employee of the United States—

(A)

willfully to make an unauthorized disclosure of personally identifiable covered information; or

(B)

to conspire to commit a violation of subparagraph (A).

(2)

Penalty

(A)

In general

Any violation of paragraph (1) shall be subject to a penalty of not more than the greatest of—

(i)

the penalty specified in the law setting forth the offense which covers a violation of paragraph (1), or

(ii)

the penalty set forth in subparagraph (B).

(B)

Uniform penalty

The penalty set forth in this subparagraph is a felony punishable upon conviction by—

(i)

a fine in any amount not exceeding $100,000 for each such violation and imprisonment of not more than 7 years,

(ii)

the costs of prosecution, and

(iii)

dismissal from office or discharge from employment.

(C)

Forfeiture of annuities and retired pay

A violation of paragraph (1) shall be treated as an offense to which sections 8312 and 8432(g)(5) of title 5, United States Code, apply.

(b)

Definitions

For purposes of this section—

(1)

Officer of the United States

The term officer of the United States means an officer appointed pursuant to section 2104(a)(1)(C) of title 5, United States Code.

(2)

Employee of the United States

The term employee of the United States means an employee, as defined by section 2105 of title 5, United States Code.

(3)

Personally identifiable covered information

The term personally identifiable covered information means protected health information (as defined in section 160.103 of title 45, Code of Federal Regulations, or any successor regulation).

3.

Private right of action

(a)

In general

Any person who violates section 2 of this Act or who willfully aids, abets, counsels, induces, or procures the commission of a violation of section 2 of this Act shall be liable to the person whose personally identifiable covered information was disclosed in violation of section 2 of this Act

(1)

in the amount of $100,000 for each such violation, and

(2)

for costs of prosecution and attorney fees.

(b)

Jurisdiction; statute of limitations; venue; process

The United States district courts shall have exclusive jurisdiction of actions brought under this section. Any such action shall be brought not later than two years after the date the cause of action arises. Any action brought under subsection (a) of this section may be brought in any judicial district wherein the defendant is found, resides, or transacts business, or in the judicial district wherein any act or transaction constituting the violation occurs. Process in such action may be served in any judicial district of which the defendant is an inhabitant or wherever the defendant may be found.