
HIPAA Violations: HIPAA Fines and HIPAA Penalties for Non-Compliance.

A covered entity can be fined for HIPAA violations by HIPAA enforcement agencies. HIPAA penalties can be civil and criminal.

HIPAA sets severe penalties for non-compliance. The penalties may be:

  • Civil
  • Criminal
  • Financial
  • Imprisonment

Under "General Penalty for Failure to Comply with Requirements and Standards" of Public Law 104-191, the Health Insurance Portability and Accountability Act of 1996, Section 1176 says that the Secretary can impose fines for noncompliance as high as $100 per offense, with a maximum of $25,000 per year on any person who violates a provision of this part.
Under "Wrongful Disclosure of Individually Identifiable Health Information," Section 1177 states that a person who knowingly:

  • uses or causes to be used a unique health identifier;
  • obtains individually identifiable health information relating to an individual; or
  • discloses individually identifiable health information to another person,

shall:

  • be fined not more than $50,000, imprisoned not more than 1 year, or both;
  • if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and
  • if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.

HIPAA Complaints and HIPAA Enforcement Agencies

PART OF ADMINISTRATIVE SIMPLIFICATION

RESPONSIBLE FOR HIPAA ENFORCEMENT

Privacy

HHS Office for Civil Rights (OCR)
Fact Sheet: How to File a Health Information Privacy Complaint
Complaints, which must be submitted in writing within 180 days of an unauthorized disclosure, can be faxed or mailed to the appropriate OCR regional office, or sent via email.

Transactions and Code Sets

Centers for Medicare & Medicaid Services (CMS)
CMS and OCR will work together on outreach and enforcement and on issues that touch on the responsibilities of both organizations - such as application of security standards or exception determinations.
CMS's Online Complaint Submission Form allows complaints to be submitted about covered entities' non-compliance with the HIPAA transaction standards. Complaints can also be submitted on a paper-based form available by download from the site (PDF).

Security

Centers for Medicare & Medicaid Services (CMS)

Identifiers

Centers for Medicare & Medicaid Services (CMS)

 