Section R380-250-5 - Sanctions, Retaliation(1) An employee of a covered program may be disciplined for failure to comply with the HIPAA Privacy Rule requirements found in 45 CFR Part 164, Subpart E. Discipline may include termination and civil or criminal prosecution.(2) An employee of a covered program may not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any person for exercising any right established by the HIPAA Privacy Rule or for opposing in good faith any act or practice made unlawful by the HIPAA Privacy Rule.Utah Admin. Code R380-250-5