← Back to context

Comment by tptacek

3 hours ago

That's an extremely charitable read of a DA's office alleging lawbreaking. I really think you have to kind of slant your head and squint to come away with the impression that that section isn't about Lim, but rather the unnamed medical office.

9 comments

tptacek

Reply
dijksterhuis  3 hours ago

As i said, neither of us is lawyers. Neither of us are experts in what a DA's office has written, and what that writing should be interpreted as under the law. Perhaps a more charitable reading is what is called for, given we're not experts in the domain.

i don't know about you, but i'm pretty confident a DA's office has a much better idea than me about what each of the HIPAA sentences in the document translate to in terms of "allegations".

  • tptacek  2 hours ago

    The question you're raising isn't a legal one, at least as I understand it. I read you to be saying "the reasonable take on this document is that they are saying SOMEONE violated HIPAA, but not Lim".

    That's a question about messaging, not the law.

    • dijksterhuis  2 hours ago

      i didn't raise the legal point.

      > † btw: if you're the DA for a jurisdiction that includes a reporter, and you claim the reporter's journalism is unlawful, you sure as shit better have that right.

      > That's an extremely charitable read of a DA's office alleging lawbreaking.

      you seem to be inferring that the DA has made an allegation of unlawful acts, and that there could be consequences for that allegation. that sort of thing often entails "legal stuff". courts and judges stuff. hence, my spiel on "we are not lawyers".

      i believe you stated an *uncharitable* take on the bullet points in the document. my point is that there is another reading. one where the benefit of the doubt is given to the relative experts in law. a sibling in the thread seems to agree that *a* violation occurred, not directly implicating Lim, which implies that they may have read it a similar way to my *charitable* take.

      https://news.ycombinator.com/item?id=48184449

phonon  2 hours ago

A. That's how I read it too. B. You can be criminally liable for HIPAA violations, if you induce someone covered by them to violate them. See for example https://www.justice.gov/usao-nj/media/1254226/dl (indictment of KEITH RITSON)

"COUNT 2 (Conspiracy to Wrongfully Obtain and Disclose Individually Identifiable Health Information) 19. Paragraphs 1-3 and 5-18 of Count 1 of this Superseding Information are hereby realleged and incorporated as though set forth in full herein. 20. At all times relevant to this Superseding Information: a. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) protects individually identifiable health information from wrongful disclosure or obtainment and seeks to set national standards to maintain patient confidentiality. b. In connection with HIPAA, the United States Department of Health and Human Services enacted regulations to safeguard the privacy of patients’ medical records and limit circumstances in which individually identifiable health information or protected health information can be used or disclosed. The HIPAA law and privacy regulations apply to, among others, health care providers, such as medical doctors, who transmit health information in connection with a transaction covered by the law and privacy regulations. c. Frank Alario, who is listed as a co-conspirator with respect to Count 2 of this Superseding Information but not as a defendant herein, was a health care provider and a covered entity under the HIPAA law and privacy regulations.

21. From in or about August 2014 through in or about February 2016, in the District of New Jersey, and elsewhere, defendant KEITH RITSON did knowingly and intentionally conspire and agree with Frank Alario and others to commit offenses against the United States, that is, to knowingly and without authorization obtain individually identifiable health information and protected health information to another person, and to knowingly and without authorization disclose individually identifiable health information and protected health information maintained by a covered entity relating to individuals, contrary to Title 42, United States Code, Section 1320d-6."

  • tptacek  2 hours ago

    Is there a fact pattern where Lim could have bank-shot criminal liability despite not herself being a covered entity? Probably? She could have misrepresented who she was and obtained the records through fraud, for instance. Again, my thing here is, if you're going to put those kinds of accusations on the table, and you're a district attorney, you'd better come correct. The facts presented in the document the DA's office shared are not sufficient to allege wrongdoing by Lim.

    • phonon  1 hour ago

      If you induce someone to violate HIPAA who is covered by it (like say a nurse at a hospital), you can be criminally liable. There is no carve-out for journalists. BOTH the person who gave the record and the person who induced them to give it could be liable (not in the same way, possibly). In any case, you seemed to think there was a bright line rule of some sort, that "At one point it accuses Lim of "violating HIPAA", which is not a thing† (HIPAA constrains covered entities, not reporters)." when in fact you can be criminally liable for inducement/conspiracy etc if you induce someone who is covered to give you those records, under https://www.law.cornell.edu/uscode/text/42/1320d-6

      Here is another similar case of a non-medical person violating HIPAA.

      https://www.justice.gov/usao-wdtn/pr/memphis-man-sentenced-c...

      Take the L :-)

      3 replies →