PRIA Logo
Title 42The Public Health and WelfareRelease 119-73not60

§17939 Improved Enforcement

Title 42 › Chapter 156— HEALTH INFORMATION TECHNOLOGY › Subchapter III— PRIVACY › Part A— Improved Privacy Provisions and Security Provisions › § 17939

Last updated Apr 5, 2026|Official source

Summary

Covered entities that violate the privacy or security rules must be punished and paid under the enforcement rules in sections 1176 and 1177 of the Social Security Act (42 U.S.C. 1320d–5, 1320d–6). The changes to how penalties work apply to penalties imposed on or after 24 months after February 17, 2009. The Secretary of Health and Human Services must write rules to carry out these changes within 18 months after February 17, 2009. Fines or settlements for privacy or security offenses must be sent to the HHS Office for Civil Rights to use for enforcing the subchapter and subparts C and E of 45 C.F.R. part 164 as they stood on February 17, 2009, once required regulations are in place. The Comptroller General must give the Secretary recommendations within 18 months after February 17, 2009 for a method to let harmed individuals receive a share of such fines or settlements. The Secretary must adopt a regulation, based on those recommendations, within 3 years after February 17, 2009; that method applies to penalties or settlements imposed on or after the regulation’s effective date. The listed amendments apply to violations occurring after February 17, 2009.

Full Legal Text

Title 42, §17939

The Public Health and Welfare — Source: USLM XML via OLRC

(a)(1)
(2)Any violation by a covered entity under thus 11 So in original. Probably should be “this”. subchapter is subject to enforcement and penalties under section 22 So in original. Probably should be “sections”. 1176 and 1177 of the Social Security Act [42 U.S.C. 1320d–5, 1320d–6].
(b)(1)The amendments made by subsection (a) shall apply to penalties imposed on or after the date that is 24 months after February 17, 2009.
(2)Not later than 18 months after February 17, 2009, the Secretary of Health and Human Services shall promulgate regulations to implement such amendments.
(c)(1)Subject to the regulation promulgated pursuant to paragraph (3), any civil monetary penalty or monetary settlement collected with respect to an offense punishable under this subchapter or section 1176 of the Social Security Act (42 U.S.C. 1320d–5) insofar as such section relates to privacy or security shall be transferred to the Office for Civil Rights of the Department of Health and Human Services to be used for purposes of enforcing the provisions of this subchapter and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of February 17, 2009.
(2)Not later than 18 months after February 17, 2009, the Comptroller General shall submit to the Secretary a report including recommendations for a methodology under which an individual who is harmed by an act that constitutes an offense referred to in paragraph (1) may receive a percentage of any civil monetary penalty or monetary settlement collected with respect to such offense.
(3)Not later than 3 years after February 17, 2009, the Secretary shall establish by regulation and based on the recommendations submitted under paragraph (2), a methodology under which an individual who is harmed by an act that constitutes an offense referred to in paragraph (1) may receive a percentage of any civil monetary penalty or monetary settlement collected with respect to such offense.
(4)The methodology under paragraph (3) shall be applied with respect to civil monetary penalties or monetary settlements imposed on or after the effective date of the regulation.
(d)(1)
(4)The amendments made by this subsection shall apply to violations occurring after February 17, 2009.
(e)(1)
(3)The amendments made by this subsection shall apply to violations occurring after February 17, 2009.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

References in Text

This subchapter, referred to in subsecs. (a)(2) and (c)(1), was in the original “this subtitle”, meaning subtitle D (§ 13400 et seq.) of title XIII of div. A of Pub. L. 111–5, Feb. 17, 2009, 123 Stat. 258, which is classified principally to this subchapter. For complete classification of subtitle D to the Code, see Tables. For reference to “the

Amendments

made by subsection (a)” in subsec. (b)(1) and “the

Amendments

made by this subsection” in subsecs. (d)(4) and (e)(3), see Codification note below. Codification Section is comprised of section 13410 of Pub. L. 111–5. Subsecs. (a)(1), (d)(1)–(3), (e)(1), (2), and (f) of section 13410 of Pub. L. 111–5 amended section 1320d–5 of this title.

Statutory Notes and Related Subsidiaries

Effective Date

Section effective 12 months after Feb. 17, 2009, except as otherwise specifically provided, see section 13423 of Pub. L. 111–5, set out as a note under section 17931 of this title.

Reference

Citations & Metadata

Citation

42 U.S.C. § 17939

Title 42The Public Health and Welfare

Last Updated

Apr 5, 2026

Release point: 119-73not60