A HIPAA violation is a failure to comply with any of the HIPAA Rules and their requirements. This includes failing to comply with the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Omnibus Rule, and the HIPAA Breach Notification Rule. Keeping up with the HIPAA regulations is essential for any institution or organization that falls within the scope of compliance. Failure to comply can be expensive: HIPAA violation fines range from $100 per violation to over $4 million. There are two types of HIPAA violations, civil and criminal, and each has a different penalty structure, explained below.
Civil HIPAA Penalty
Civil penalties are levied by the HHS Office for Civil Rights (OCR) on covered entities and business associates for violations that did not involve malicious intent. They are tiered according to the level of culpability, that is, whether the organization was unaware of the violation, had reasonable cause, or acted with willful neglect. The penalties are assessed per violation and may be as follows:
- If the organization did not know, and by exercising reasonable diligence would not have known, that it was committing a HIPAA violation, it may be fined a minimum of $100 per violation.
- If the violation had a reasonable cause and was not due to willful neglect, the organization may be fined a minimum of $1,000 per violation.
- If the organization acted with willful neglect but corrected the violation within the required time period (30 days from when it knew, or should have known, of the violation), it may be fined a minimum of $10,000 per violation.
- If the organization acted with willful neglect and did not correct the violation, it may be fined a minimum of $50,000 per violation.
Criminal HIPAA Penalty
If an individual commits a violation knowingly, the case is referred to the Department of Justice and can result in criminal penalties, which are significantly harsher than the civil penalties. The penalties in such a case may be as follows:
- If the individual knowingly obtained or disclosed PHI, they may be fined up to $50,000 and jailed for up to one year.
- If the individual committed the violation under false pretenses, they may be fined up to $100,000 and jailed for up to 5 years.
- If the individual committed the violation with intent to sell PHI, to use it for commercial advantage or personal gain, or to cause malicious harm to the patient, they may be fined up to $250,000 and jailed for up to 10 years.