Healthcare Entities and the US PARIOT Act?

Applicability to Hospitals and Medical Organizations

By Gregory O. Ginn; PhD, CPA, MBA, CMP™ (Hon)

By Hope Rachel Hetico; RN, MHA, CMP™


After the September 11, 2001 terrorist attacks against the United States, the US Congress passed Public Law 107-56 whose short title is “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT Act) Act of 2001.”

At first blush, the Act seems to have very little to do with hospitals, healthcare organizations or the medical industrial complex; however, upon closer inspection, several sections appear to be relevant to the industry. 

The Prevention and Detection of Money Laundering 

Title III of the USA PATRIOT Act is entitled the “International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001.” The purposes of the Act are “to prevent, detect, and prosecute money laundering and the financing of terrorism.” Healthcare responsibilities in a money laundering program may include:

· Developing internal policies, procedures, and controls;

· Designation a chief compliance officer;

· Ongoing employee training programs; and

· Executing an independent audit program to test compliance 

Preparedness for Biological and Chemical Attacks 

Title X of the USA PATRIOT Act contains several calls for strengthening the public health system. Section 1013(a)(4) calls for “enhanced resources for public health officials to respond to potential bioterrorism attacks.”

Hospitals can take several steps to mitigate even in the absence of significant funding: 

· First, hospitals can establish links with ‘first responders’ such as local law enforcement, fire departments, state and local government, other hospitals, emergency medical services, and local public health departments.

· Second, hospitals can establish training programs to educate hospital staff on how to deal with chemical and biological threats.

· Third, hospitals can make changes in their information technology to facilitate disease surveillance that might give warning that an attack has occurred. Information technology may be useful in identifying the occurrence syndromes such as headache or fevers that might not be noticed individually but in the aggregate would signal that a biological or chemical agent had been released.

· Fourth, hospitals may be able to acquire access to staff and equipment to respond to biological and chemical attack through resource sharing arrangements in lieu of outright purchases. 

Protection of Critical Infrastructures 

Title X of the USA PATRIOT Act also contains section 1016, entitled “The Critical Infrastructures Protection Act of 2001.” It acknowledges that the defense of the United States is based upon the functioning of many networks and that these networks must be defended against attacks of both a physical and virtual nature.

Section 1016 also specifies that actions necessary to carry out policies designed to protect the infrastructure will be based upon public and private partnerships between the government and corporate and non-governmental agencies. 

Toward this end, the Act establishes a National Infrastructure Simulation and Analysis Center (NISAC) to support counter-terrorism, threat assessment, and risk mitigation. NISAC will acquire data from governments and the private sector to model, simulate, and analyze critical infrastructures including cyber, telecommunications, and physical infrastructures.

Health Insurance Implications 

With the recent popularity and growth of High Deductible Health Care Plans [HDHCPs], compliance with the USA PATRIOT Act has becomes an important issue for these new, hybrid health insurance products that place financial services organizations into relationships with shared information institutions like hospitals, healthcare organizations, medical clinics and patient clients.

This happens because many HDHCPs are opened by mail or online, as patients use the internet to search for policies. Appropriately, banks, healthcare entities and hospitals are working with insurance companies, trust companies and broker-dealers to offer identity-compliant and integrated HDHCPs. Verifications that these clients are who they say they are, is as paramount as monitoring their activity?

Healthcare organizations may meet these requirements by implementing a Customer Identification Program [CIP] and/or Anti-Money laundering requirements. Section 314(b) of the Act permits financial institutions, upon providing notice to the United States Department of the Treasury, to share information with one another in order to identify and report to the federal government activities that may involve money laundering or terrorist activity. 


Almost five years after passage of the USA PATRIOT Act, little is known about how it is being used to track terrorists, healthcare organization activity, or innocent Americans.

Unfortunately, the Muslim doctor terrorist incident of July, 2007 in North Staffordshire Hospital near Glasgow, implicated eight medical-workers of a clandestine Al-Qaeda sleeper cell in an attempted attack in Great Britain.  

Although successfully thwarted, the fact that all were tied to the British National Healthcare System [NHS] indicates the international nature of such threats and growing domestic reliance on foreign-trained physicians which must be carefully screened. 


The USA PATRIOT Act provides little indication in its title to affect the management of hospitals. Nevertheless, it is intended to safeguard the nation and its economy.

Since the healthcare industry is such a large part of the economy, it follows that legislation designed to protect our nation and economy will invariably have an effect on hospitals. 

And so, has your hospital or healthcare organization analyzed its activities to comply, prevent and/or mitigate losses and very possibly improve its financial performance by adhering to the US PARIOT Act?

Product DetailsProduct DetailsProduct Details


4 Responses

  1. The hospitals I have worked with recently have indeed taken steps to comply with this law. In particular, measures have been taken to prepare for possible terrorist attacks and to mitigate the effects of any events.

    I am generally not a fan of unfunded mandates, but compliance with this law may actually provide some financial benefits for hospital systems. The planning that goes into this process can also help to prepare for non-terrorist incidents. This includes preparedness for a medical response to natural disasters or industrial accidents. A more common problem, mostly unrelated to terrorism at this time, is the hacking of computer systems. Having safeguards in place to protect against compromise of this can provide ongoing benefits for a hospital system.

    Brain J. Knabe; MD


  2. Update

    The House of Representatives just failed to extend the life of three surveillance tools that are crucial to the United States’ post-Sept. 11 anti-terror law, a slipup for the new Republican leaders who miscalculated the level of opposition.



  3. PA Provisions Update

    The House has agreed to a 10-month extension of three key provisions of an anti-terrorism Patriot Act law that have met resistance from both conservatives and liberals as infringements on civil liberties and privacy rights.



  4. Congress Passes Patriot Act Provisions

    Despite passionate but few objections, Congress voted decisively to extend the controversial government act. The bill extends terror-fighting powers and now awaits President Obama’s signature

    Ann Miller RN MHA


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: