A "bizarre" ruling by the U.S. Justice Department limits the government's ability to prosecute people who violate the 1996 law on medical record privacy.
Justice said the law that carries a maximum $250,000 fine and 10-year prison term applies only to covered entities -- insurers, doctors, hospitals and other providers -- but not necessarily their employees or outsiders.
Privacy expert Robert Gellman said the June 1 decision surprised him.
"Under this decision, a tremendous amount of conduct that is clearly wrong will fall outside the criminal penalties of the statute," Gellman told the New York Times.
The Justice Department ruling contradicts the theory that led to prison for Richard Gibson of Seattle, who admitted misusing patient information while working for a hospital consortium.
"This is a very bizarre interpretation of the statute," said lawyer Gregory Ursich, who represented the victim. "I worry that Gibson might use the Justice Department opinion to overturn his conviction."
The Justice Department declined comment on the ruling, which is binding on the executive branch but not on judges.
© Copyright 2005 by United Press International
