What is a HIPAA violation? While an endless variety of scenarios exist, a few of the most common and avoidable include certain characteristics, such as unencrypted data, employee error, data stored on devices lost or stolen, business associates, and a lapse in notification.

The penalties and fines for a HIPAA violation range from monetary to potential imprisonment for criminal offenses:

VIOLATION TYPE MINIMUM PENALTY MAXIMUM PENALTY
Individual didn’t know they violated HIPAA $100/violation; annual max of $25,000/repeat violations $50,000/violation; annual max of $1.5 million
Reasonable cause and not willful neglect $1,000/violation; annual max of $100,000/repeat violations $50,000/violation; annual max of $1.5 million
Willful neglect but corrected within time $10,000/violation; annual max of $250,000/repeat violations $50,000/violation; annual max of $1.5 million
Willful neglect and is not corrected $50,000/violation; annual max of $1.5 million $50,000/violation; annual max of $1.5 million

Source: American Medical Association, www.AMA-ASSN.org

Another category of a HIPAA violation includes covered entities and individuals that knowingly breached the HIPAA rules (criminal). A HIPAA breach committed with intent to sell, transfer or use individually identifiable health information for personal or financial gain, or malicious harm, can result in fines of $250,000 and imprisonment for up to ten years.

I wrote more on the topic of common mistakes and the preventative measures any covered entity can take to eliminate the risks that may lead to a data breach here:

What is a HIPAA Violation?

Find real cases and read more about the events, repercussions, and impact of a data breach:
Total Cost of a HIPAA Violation: 18.5 Million
Michigan HIPAA Violations
Sutter Health HIPAA Breach: Lessons Learned
Military Healthcare Contractor’s HIPAA Breach Followed By a $4.9 Billion Lawsuit