What is a HIPAA violation? While an endless variety of scenarios exist, a few of the most common and avoidable include certain characteristics, such as unencrypted data, employee error, data stored on devices lost or stolen, business associates, and a lapse in notification.
The penalties and fines for a HIPAA violation range from monetary to potential imprisonment for criminal offenses:
|VIOLATION TYPE||MINIMUM PENALTY||MAXIMUM PENALTY|
|Individual didn’t know they violated HIPAA||$100/violation; annual max of $25,000/repeat violations||$50,000/violation; annual max of $1.5 million|
|Reasonable cause and not willful neglect||$1,000/violation; annual max of $100,000/repeat violations||$50,000/violation; annual max of $1.5 million|
|Willful neglect but corrected within time||$10,000/violation; annual max of $250,000/repeat violations||$50,000/violation; annual max of $1.5 million|
|Willful neglect and is not corrected||$50,000/violation; annual max of $1.5 million||$50,000/violation; annual max of $1.5 million|
Source: American Medical Association, www.AMA-ASSN.org
Another category of a HIPAA violation includes covered entities and individuals that knowingly breached the HIPAA rules (criminal). A HIPAA breach committed with intent to sell, transfer or use individually identifiable health information for personal or financial gain, or malicious harm, can result in fines of $250,000 and imprisonment for up to ten years.
I wrote more on the topic of common mistakes and the preventative measures any covered entity can take to eliminate the risks that may lead to a data breach here:
Find real cases and read more about the events, repercussions, and impact of a data breach:
Total Cost of a HIPAA Violation: 18.5 Million
Michigan HIPAA Violations
Sutter Health HIPAA Breach: Lessons Learned
Military Healthcare Contractor’s HIPAA Breach Followed By a $4.9 Billion Lawsuit