What is a HIPAA Violation?

Published on : 03 Aug 2021

What is a HIPAA violation

A HIPAA violation is a failure to comply with any of the HIPAA Rules and requirements. This includes failing to comply with the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Omnibus Rule, and the HIPAA Breach Notification Rule. Keeping up with the HIPAA regulations is essential for any institute or organization that falls within the scope of compliance. Failure to comply can be expensive, with HIPAA violation fines ranging from $100 to over $4 million. There are two types of HIPAA violations – civil and criminal – and each has a different fine structure, explained below.

Civil HIPAA Penalty

Civil penalties are levied on individuals who have committed a HIPAA violation without any malicious intent. This means they were either negligent or unaware of their actions, and penalties in such a case may be as follows:

  • If the individual was not aware of committing a HIPAA violation they may be fined $100 per violation.
  • If the individual had reasonable cause for their actions but did not act with willful neglect, they may be fined a minimum of $1,000 per violation.
  • If the individual was acting with willful neglect, but then fixed the issue, they may be fined a minimum of $10,000 per violation.
  • If the individual was acting with willful neglect and did not fix the issue, they’re fined a minimum of $50,000 per violation.

Criminal HIPAA Penalty

If the individual commits a violation with malicious intent, the violation results in criminal penalties, which are significantly harsher than civil penalties. The penalties in such cases may be as follows:

  • If the individual knowingly obtained and disclosed PHI, they may be fined up to $50,000 and jailed for up to a year.
  • If the individual commits a violation under false pretenses, they may be fined up to $100,000 and jailed for up to 5 years.
  • If the individual commits the violation for personal gain, that is, if they sell PHI or use it to harm the patient, they may be fined up to $250,000 and jailed for up to 10 years.
Narendra Sahoo

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.