§ 90‑414.12.  Penalties and remedies; immunity for covered entities and business associates for good faith participation.

(a) Except as provided in subsection (b) of this section, a covered entity that discloses protected health information in violation of this Article is subject to the following:

(1) Any civil penalty or criminal penalty, or both, that may be imposed on the covered entity pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, P.L. 111‑5, Div. A, Title XIII, section 13001, as amended, and any regulations adopted under the HITECH Act.

(2) Any civil remedy under the HITECH Act or any regulations adopted under the HITECH Act that is available to the Attorney General or to an individual who has been harmed by a violation of this Article, including damages, penalties, attorneys' fees, and costs.

(3) Disciplinary action by the respective licensing board or regulatory agency with jurisdiction over the covered entity.

(4) Any penalty authorized under Article 2A of Chapter 75 of the General Statutes if the violation of this Article is also a violation of Article 2A of Chapter 75 of the General Statutes.

(5) Any other civil or administrative remedy available to a plaintiff by State or federal law or equity.

(b) To the extent permitted under or consistent with federal law, a covered entity or its business associate that in good faith submits data through, accesses, uses, discloses, or relies upon data submitted through the HIE Network shall not be subject to criminal prosecution or civil liability for damages caused by such submission, access, use, disclosure, or reliance. (2015‑241, s. 12A.5(d).)