Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 118th Congress · S. 5218 (Introduced in Senate) — To amend titles XI and XVIII of the Social Security Act to strengthen, increase oversight of, and compliance with, se... · Sec. 103

Sec. 103. Increased civil penalties for failure to comply with security standards and requirements for health information

580 words·~3 min read·/bill/118/s/5218/is/section-103

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Section 1176 of the Social Security Act ( 42 U.S.C. 1320d–5 ) is amended— in subsection (a)(1), in the matter preceding subparagraph (A), by striking subsection
(b)and inserting subsections
(b)and
(d); by redesignating subsections
(d)and
(e)as subsections
(e)and (f); and by inserting after subsection
(c)the following new subsection: In the case of a violation of the security standards and requirements under section 1173(d) that occurs after the effective date of the requirements under paragraph (1)(B) of such section, the following rules shall apply: Subsection (a)(1)(A) shall be applied by substituting that is at least $500 for that is at least the amount described in paragraph (3)(A) but not to exceed the amount described in paragraph (3)(D) . Subsection (a)(1)(B) shall be applied by substituting that is at least $5,000 for that is at least the amount described in paragraph (3)(B) but not to exceed the amount described in paragraph (3)(D) . Subsection (a)(1)(C)(i) shall be applied by substituting that is at least $50,000 for that is at least the amount described in paragraph (3)(C) but not to exceed the amount described in paragraph (3)(D) . Subsection (a)(1)(C)(ii) shall be applied by substituting that is at least $250,000 for that is at least the amount described in paragraph (3)(D) . In addition to the factors described in the second sentence of subsection (a)(1), in determining the amount of a penalty under this section for a violation of the security standards and requirements under section 1173(d), the Secretary shall also base such determination on— the size of the covered entity or business associate (as such terms are defined in section 1173(d)(1)(B)(vi)) subject to the penalty; the full compliance history of the covered entity or business associate, good faith efforts to comply with the security standards and requirements; and such other matters as the Secretary determines appropriate. Subsection (a)(3) shall not apply. Subject to the regulation promulgated pursuant to subparagraph (B), any civil monetary penalty or monetary settlement collected with respect to a violation of the security standards and requirements under section 1173(d) that occurs after the effective date of such requirements under paragraph (1)(B) of such section shall be transferred to the Office for Civil Rights of the Department of Health and Human Services to be used for the purposes of enforcing the provisions of this part and subparts C and E of part 164 of title 45, Code of Federal Regulations (or any successor regulation). Not later than 18 months after the date of the enactment of this subparagraph, the Secretary shall establish by regulation a methodology under which an individual who is harmed by an act that constitutes a violation referred to in subparagraph
(A)may receive a percentage of any civil monetary penalty or monetary settlement collected with respect to such violation. The methodology under subparagraph
(B)shall be applied to any civil monetary penalty or monetary settlement collected with respect to a violation of the security standards and requirements under section 1173(d) that occurs after the effective date of such requirements under paragraph (1)(B) of such section. . Part 1 of subtitle D of the Health Information Technology for Economic and Clinical Health Act ( 42 U.S.C. 17931 et seq. ), as amended by Public Law 116–321 , is amended by striking section 13412. The amendment made by this subsection shall take effect on the date of enactment of this Act, and apply to determinations made on or after such date.
Connectionstraces to 2
1 reference not yet in our index
  • 42 USC 1320d–5
Citation graph
cites case law
Sec. 103
Increased civil penalties for failure to comply with security standards and requirements for health information
U.S.C.§ 17931
Pub. L.Public Law 116-321
Cite42 USC 1320d–5
Cites 3Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.