HIPAA Fines Listed by Year

HIPAA Settlements, Fines, and Penalties

HIPAA settlements are hard to keep track of–that’s why we’ve created this simple directory of large-scale HIPAA fines listed by year. All information on HIPAA violation cases is provided by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) on their HIPAA Resolution Agreements overview.

For the full list of HIPAA breaches and fines, you can visit OCR’s Breach Portal, or “Wall of Shame“. This is where OCR lists the countless other small-scale HIPAA breaches and fines. View our HIPAA fines chart below for the full HIPAA settlements list.

Remember that large-scale settlements are only a fraction of the fines levied by federal investigators every year. Once you’ve had a HIPAA breach, one of the consequences of violating HIPAA is that the name of your practice is permanently listed on The Wall of Shame for violating HIPAA–including the offense, date, and number of individuals affected. Look through this chart for HIPAA violation case examples.

Get Compliant. Avoid Fines.

See how our software helps you avoid fines likes the ones listed below

Become HIPAA Compliant

2025 HIPAA Fines $4,335,566

4/10/25 Northeast Radiology, P.C. $350,000

In April 2025, OCR found that Northeast Radiology, P.C. failed to conduct an accurate and thorough risk analysis. Read more here.

3/21/25 Health Fitness Corporation $227,816

In March 2025, OCR found that Health Fitness Corporation failed to conduct an accurate and thorough risk analysis. Read more here.

3/6/25 Oregon Health & Science University $200,000

In early March 2025, OCR found that Oregon Health & Science University (OHSU) violated an individual’s right to timely access her medical records through a personal representative. Read more here.

1/15/25 Memorial Healthcare System $60,000

The patient first sought his records from Memorial Healthcare System on December 30, 2020. The requests he made included requests by mail, by phone, and through Memorial’s patient portal. Read more here.

1/15/25 Northeast Surgical Group $10,000

In March 2023, OCR received a breach report concerning a ransomware incident that had affected NESG’s information system. NESG concluded that the protected health information of 15,298 patients (NESG’s entire patient population) had been encrypted and exfiltrated from its network. Read more here.

1/14/25 Solara Medical Supplies $3,000,000

A phishing attack targeting Solara employee email accounts, a malactor was able to access their accounts from April to June 2019. Read more here.

1/8/25 USR Holdings, LLC. $337,750

USR noted that from August through December of 2018, a database containing the names of 2,903 individuals was accessed by an unauthorized third party. Read the details here.

1/7/25 Virtual Private Network Solutions $90,000

In late December of 2021, CSP business associate VPN Solutions filed a notice of breach with HHS. VPN filed the notice on behalf of twelve covered entities, each of which had delegated their regulatory responsibility to report PHI breaches to VPN. Read more here.

1/7/25 Elgon Information Systems $80,000

Back in March of 2023, an unknown actor gained access to a server on HIPAA business associate Elgon’s information system. The access was made possible because Elgon’s firewall had open ports. Read more here.

2024 HIPAA Fines $9,164,206

12/10/24 Inmediata Health Group, LLC. $250,000

A database of 1.5 million patients was left unsecured on the Internet –findable through search engines like Google. See the full details here.

12/4/24 Children’s Hospital Colorado $548,625

In two separate incidents, employees fell prey to phishing incidents, allowing hackers to access their accounts. See the full details here.

12/3/24 Gulf Coast Pain Consultants $1,190,000

A terminated contractor accessed the ePHI of 34,310 individuals. The contractor then filed medical claims for services that were not actually rendered, resulting in approximately 6,500 false Medicare claims. See the full details here.

11/26/24 Holy Redeemer Family Medicine $35,581

In September of 2023, OCR received a complaint that alleged Holy Redeemer impermissibly (without authorization) disclosed a female patient’s PHI to her prospective employer. See the full details here.

11/18/24 Rio Hondo Community Mental Health Center $100,000

OCR imposed the penalty because Rio Hondo failed to provide a patent with her medical records – for a full seven months – despite the patient’s repeated requests for access to the records. See the full details here.

10/31/24 Bryan County Ambulance Authority $90,000

14,273 patient records were encrypted in a ransomware incident. See the full details here.

10/31/24 Plastic Surgery Associates of South Dakota $500,000

Nine workstations and two servers were infected with ransomware. They paid hackers 2 Bitcoin for the return of patient files. See the full details here.

10/17/24 Gums Dental Care $70,000

In 2019, a patient filed a complaint with OCR, alleging Gums failed to provide her with timely access to her medical records after she requested them in writing. See the full details here.

10/3/24 Providence Medical Institute $240,000

Three separate ransomware attacks left 85,000 patient records encrypted and inaccessible by the institute. See the full details here.

9/26/24 Cascade Eye and Skin Centers $250,000

The investigation begun from a complaint involving 291,000 files containing PHI. The investigation found multiple violations stemming from the failure to conduct a risk analysis and insufficient monitoring against cyber attacks. See the full details here!

8/1/24 American Medical Response $115,000

A patient requested a copy of their medical records from American Medical Response (AMR). After several attempts, and AMR’s failure to provide the records, the patient issued a complaint with OCR. See the full details here!

7/1/24 Heritage Valley Health $950,000

OCR initiated a compliance review after the media reported that HVHS had experienced a ransomware attack. See the full details here.

4/1/24 Hackensack Meridian Health $100,000

In May 2020, a complaint was filed against Hackensack Meridian Health alleging that the skilled nursing facility failed to provide a patient’s personal representative with a copy of requested medical records. As a result of an OCR investigation, the records were provided in November 2020. See the full details here!

3/29/24 Phoenix Healthcare $35,000

The Complainant, the personal representative of a Phoenix patient, made multiple requests for her mother’s medical records in 2019. Only after OCR acted did Phoenix produce the requested records – 323 days after the first request was made. See the full details here.

2/21/24 Green Ridge Behavioral Health $40,000

submitted a breach report to OCR, informing the HIPAA enforcers that it had suffered an attack on its network server, compromising the PHI of more than 14,000 patients. See the full details here!

2/6/24 Montefiore Medical Center $4,750,000

The NYPD informed Montefiore Medical Center that there was evidence that patient information had been stolen from the hospital’s database. It turns out, the culprit was an employee.

For six months, the employee in question stole patient PHI and sold it to an identity theft ring. What’s worse is, the incident occurred two years prior to the NYPD informing them, putting into question the data security practices of Montefiore.

See the full details here!

2023 HIPAA Fines $4,176,500

Date	Organization	Fine Total	OCR Settlement Announcement
1/4/2023	Life Hope Labs	$16,500	Lab Pays $16,500 Settlement to HHS, Resolving Potential HIPAA Violation over Medical Records Request
2/2/2023	Banner Health	$1,250,000	HHS Office for Civil Rights Settles HIPAA Investigation with Arizona Hospital System Following Cybersecurity Hacking
5/8/2023	David Mente, MA, LPC	$15,000	HHS Office for Civil Rights Enters Into $15,000 Settlement Resolving Potential HIPAA Violation Under the Right of Access Initiative
5/16/2023	MedEvolve	$350,000	OCR Settles HIPAA Investigation with Business Associate
6/5/2023	Manasa Health Center	$30,000	HHS Office for Civil Rights Reaches Agreement with Health Care Provider in New Jersey That Disclosed Patient Information in Response to Negative Online Reviews
6/15/2023	Yakima Valley Memorial Hospital	$240,000	Employee Snooping Leads to $240,000 HIPAA Fine
6/28/2023	iHealth Solutions	$75,000	iHealth Solutions Resolves HIPAA Probe, Pays $75,000 Settlement to HHS Office for Civil Rights
8/24/2023	UnitedHealthcare	$80,000	UnitedHealthcare’s $80,000 HIPAA Resolution Unveils Secrets of Patient Medical Records
9/11/23	L.A. Care Health Plan	$1,300,000	HHS OCR Achieves Resolution with L.A. Care Health Plan in HIPAA Security Rule Case
10/31/23	Doctors’ Management Services	$100,000	OCR Did the Math, 200K Patients Exposed Equals a $100K Fine
11/20/23	St. Joseph’s Medical Center	$80,000	HHS Reaches $80K Settlement for PHI Disclosure to News Outlet
12/7/23	Lafourche Medical Group	$480,000	HHS Settled First Ever Phishing Investigation with Louisiana Medical Group
12/15/23	Optum Medical Care of New Jersey	$160,000	Optum Medical Care Settlement Marks OCR’s 46th Right of Access Enforcement Action







	2023 TOTAL:	$4,176,500

2022 HIPAA Fines $2,170,140

Date	Organization	Fine Total	OCR Settlement Announcement
3/28/2022	Dr. Donald Brockley, D.D.M	$30,000	Dr. Donald Brockley, D.D.M. HIPAA Enforcement Action
3/28/2022	Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A.	$50,000	Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. (UPI) HIPAA Enforcement Action
3/28/2022	Jacob and Associates	$28,000	Jacob and Associates HIPAA Enforcement Action
3/28/2022	Northcutt Dental	$62,500	Northcutt Dental-Fairhope, LLC (Northcutt Dental) HIPAA Enforcement Action
7/14/2022	Oklahoma State University	$875,000	Oklahoma State University – Center for Health Services Pays $875,000 to Settle Hacking Breach
7/15/2022	ACPM Podiatry	$100,000	ACPM Podiatry HIPAA Enforcement Action
7/15/2022	Associated Retina Specialists	$22,500	Associated Retina Specialists HIPAA Enforcement Action
7/15/2022	Dr. Lawrence Bell, D.D.S.	$5,000	Dr. Lawrence Bell, D.D.S. HIPAA Enforcement Action
7/15/2022	Coastal Ear, Nose, and Throat	$20,000	Coastal Ear, Nose, and Throat HIPAA Enforcement Action
7/15/2022	Danbury Psychiatric Consultants, LLC	$3,500	Danbury Psychiatric Consultants, LLC HIPAA Enforcement Action
7/15/2022	Erie County Medical Center Corporation	$50,000	Erie County Medical Center Corporation HIPAA Enforcement Action
7/15/2022	Fallbrook Family Health Center	$30,000	Fallbrook Family Health Center HIPAA Enforcement Action
7/15/2022	Hillcrest Commons Nursing and Rehabilitation	$55,000	Hillcrest Commons Nursing and Rehabilitation HIPAA Enforcement Action
7/15/2022	Melrose Walkefield Healthcare	$55,000	Melrose Walkefield Healthcare HIPAA Enforcement Action
7/15/2022	Memorial Hermann Health System	$240,000	Memorial Hermann Health System HIPAA Enforcement Action
7/15/2022	Southwest Surgical Associates, LLP	$65,000	Southwest Surgical Associates, LLP HIPAA Enforcement Action
8/23/2022	New England Dermatology and Laser Center	$300,640	Investigation Leads to $300,640 HIPAA Settlement and Corrective Action Plan
9/20/2022	Family Dental Care	$30,000	Trio of Dentist HIPAA Violations Leads to $135,000 in Settlements
9/20/2022	B. Steven L. Hardy, D.D.S.	$25,000	Trio of Dentist HIPAA Violations Leads to $135,000 in Settlements
9/20/2022	Great Expressions Dental Center of Georgia	$80,000	Trio of Dentist HIPAA Violations Leads to $135,000 in Settlements
12/14/2022	Dr. Brandon Au	$23,000	Impermissible disclosure of PHI
12/15/2022	Health Specialists of Central Florida Inc	$20,000	HHS Civil Rights Office Resolves HIPAA Right of Access Investigation with $20,000 Settlement
	2022 TOTAL:	$2,170,140

2021 HIPAA Fines $5,980,000

Date	Organization	Fine Total	OCR Settlement Announcement
1/12/2021	Banner Health	$200,000	OCR Settles Fourteenth Investigation in HIPAA Right of Access Initiative
1/15/2021	Lifetime Healthcare Companies	$5,100,000	Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People
2/10/2021	Renown Health, P.C	$75,000	OCR Settles Fifteenth Investigation in HIPAA Right of Access Initiative
2/12/2021	Sharp HealthCare	$70,000	OCR Settles Sixteenth Investigation in HIPAA Right of Access Initiative
3/24/2021	Arbour Hospital	$65,000	OCR Settles Seventeenth Investigation in HIPAA Right of Access Initiative
3/26/2021	Village Plastic Surgery	$30,000	OCR Settles Eighteenth Investigation in HIPAA Right of Access Initiative
5/25/2021	AEON Clinical Laboratories	$25,000	Clinical Laboratory Pays $25,000 to Settle Potential HIPAA Security Rule Violations
6/2/2021	The Diabetes, Endocrinology & Lipidology Center	$5,000	OCR Settles Nineteenth Investigation in HIPAA Right of Access Initiative
9/10/2021	Children’s Hospital & Medical Center	$80,000	OCR Resolves Twentieth Investigation in HIPAA Right of Access Initiative with $80,000 Settlement
11/30/2021	Advanced Spine & Pain Management (ASPM)	$32,150	Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access
11/30/2021	Denver Retina Center	$30,000	Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access
11/30/2021	Dr. Robert Glaser	$100,000	Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access
11/30/2021	Rainrock Treatment Center, LLC dba Monte Nido Rainrock (“Monte Nido	$160,000	Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access
11/30/2021	Wake Health Medical Group	$10,000	Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access





	2021 TOTAL:	$5,980,000

2020 HIPAA Fines $13,554,900

Date	Organization	Fine Total	Link to OCR Settlement
3/3/2020	The practice of Steven A. Porter, M.D	$100,000	Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements
7/23/2020	Metropolitan Community Health Services	$25,000	Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements
7/27/2020	Lifespan Health System	$1,040,000	Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach
9/15/2020	Housing Works, Inc	$38,000	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/15/2020	All Inclusive Medical Services, Inc	$15,000	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/15/2020	Beth Israel Lahey Behavioral Services	$70,000	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/15/2020	King MD	$3,500	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/15/2020	Wise Psychiatry, PC	$10,000	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/21/2020	Athens Orthopedic Clinic PA	$1,500,000	Orthopedic Clinic Pays $1.5 Million to Settle Systemic Noncompliance with HIPAA Rules
9/23/2020	CHSPSC LLC	$2,300,000	HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individuals
9/25/2020	Premera Blue Cross	$6,850,000	Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People
10/7/2020	Dignity Health, DBA St. Joseph’s Hospital and Medical Center	$160,000	OCR Settles Eighth Investigation in HIPAA Right of Access Initiative
10/9/2020	NY Spine Medicine (NY Spine)	$100,000	OCR Settles Ninth Investigation in HIPAA Right of Access Initiative
10/28/2020	Aetna	$1,000,000	Aetna Pays $1,000,000 to Settle Three HIPAA Breaches
10/28/2020	Riverside Psychiatric Medical Group	$25,000	OCR Settles Tenth Investigation in HIPAA Right of Access Initiative
10/30/2020	City of New Haven, Connecticut	$202,400	City Health Department failed to terminate former employee’s access to protected health information
11/12/2020	Dr. Rajendra Bhayani	$15,000	OCR Settles Eleventh Investigation in HIPAA Right of Access Initiative
11/19/2020	University of Cincinnati Medical Center, LLC	$65,000	OCR Settles Twelfth Investigation in HIPAA Right of Access Initiative
12/22/2020	Elite Primary Care	$36,000	OCR Settles Thirteenth Investigation in HIPAA Right of Access Initiative
	2020 TOTAL:	$13,554,900

2019 HIPAA Fines $15,270,000

Date	Organization	Fine Total	Link to OCR Settlement
February 7, 2019	Cottage Health	$3,000,000	Cottage Health Settles Potential Violations of HIPAA Rules for $3 Million
May 6, 2019	Touchstone Medical Imaging	$3,000,000	Tennessee Diagnostic Medical Imaging Services Company Pays $3,000,000 to Settle Breach Exposing Over 300,000 Patients’ Protected Health Information
May 23, 2019	Medical Informatics Engineering	$100,000	Indiana Medical Records Service Pays $100,000 to Settle HIPAA Breach – May 23, 2019
September 9, 2019	Bayfront Health St. Petersburg	$85,000	OCR Settles First Case in HIPAA Right of Access Initiative
October 2, 2019	Elite Dental Associates	$10,000	Dental Practice Pays $10,000 to Settle Social Media Disclosures of Patients’ Protected Health Information
October 23, 2019	Jackson Health System	$2,150,000	OCR Imposes a $2.15 Million Civil Money Penalty against Jackson Health System for HIPAA Violations
November 5, 2019	University of Rochester Medical Center	$3,000,000	Failure to Encrypt Mobile Devices Leads to $3 Million HIPAA Settlement
November 7, 2019	Texas Health and Human Services Commission	$1,600,000	OCR Imposes a $1.6 Million Civil Money Penalty against Texas Health and Human Services Commission for HIPAA Violations
November 27, 2019	Sentara Hospitals	$2,175,000	OCR Secures $2.175 Million HIPAA Settlement after Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
December 12, 2019	Korunda Medical	$85,000	OCR Settles Second Case in HIPAA Right of Access Initiative
December 30, 2019	West Georgia Ambulance	$65,000	Ambulance Company Pays $65,000 to Settle Allegations of Longstanding HIPAA Noncompliance
	2019 TOTAL:	$15,270,000

2018 HIPAA Fines $28,683,400

Date	Organization	Fine Total	Link to OCR Settlement
February 1, 2018	Fresenius Medical Care North America (FMCNA)	$3,500,000	Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules
February 13, 2018	Filefax, Inc.	$100,000	Consequences for HIPAA violations don’t stop when a business closes
June 18, 2018	The University of Texas MD Anderson Cancer Center	$4,348,000	Judge rules in favor of OCR and requires a Texas cancer center to pay $4.3 million in penalties for HIPAA violations
September 20, 2018	Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH)	$999,000	Unauthorized Disclosure of Patients’ Protected Health Information During ABC Television Filming Results in Multiple HIPAA Settlements Totaling $999,000
October 16, 2018	Anthem	$16,000,000	Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History
November 26, 2018	Allergy Associates of Hartford, P.C.	$125,000	Allergy practice pays $125,000 to settle doctor’s disclosure of patient information to a reporter
December 4, 2018	Advanced Care Hospitalists PL (ACH)	$500,000	Florida contractor physicians’ group shares protected health information with unknown vendor without a business associate agreement
December 11, 2018	Pagosa Springs Medical Center (PSMC)	$111,400	Colorado hospital failed to terminate former employee’s access to electronic protected health information
December 12, 2018	Cottage Health	$3,000,000	Cottage Health Settles Potential Violations of HIPAA Rules for $3 Million
	2018 TOTAL:	$28,683,400

2017 HIPAA Fines $20,393,200

Date	Organization	Fine Total	Link to OCR Settlement
January 9, 2017	Presence Health	$475,000	First HIPAA enforcement action for lack of timely breach notification settles for $475,000
January 18, 2017	MAPFRE	$2,200,000	HIPAA settlement demonstrates importance of implementing safeguards for ePHI
February 1, 2017	Children’s Medical Center of Dallas	$3,200,000	Lack of timely action risks security and costs money
February 16, 2017	Memorial Healthcare Systems	$5,500,000	$5.5 million HIPAA settlement shines light on the importance of audit controls
April 12, 2017	Metro Community Provider Network (MCPN)	$400,000	Overlooking risks leads to breach, $400,000 settlement
April 20, 2017	The Center for Children’s Digestive Health (CCDH)	$31,000	No Business Associate Agreement? $31K Mistake
April 24, 2017	CardioNet	$2,500,000	$2.5 million settlement shows that not understanding HIPAA requirements creates risk
May 10, 2017	Memorial Hermann Health System (MHHS)	$2,400,000	Texas health system settles potential HIPAA violations for disclosing patient information
May 23, 2017	St. Luke’s Roosevelt Hospital System Inc.	$387,200	Careless handling of HIV information jeopardizes patient’s privacy, costs entity $387k
June 7, 2017	Rite Aid	$1,000,000	Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case
December 18, 2017	21st Century Oncology	$2,300,000	$2.3 Millon Levied for Multiple HIPAA Violations at NY-Based Provider
	2017 TOTAL:	$20,393,200

2016 HIPAA Fines $23,504,800

Date	Organization	Fine Total	Link to OCR Settlement
February 3, 2016	Lincare, Inc.	$239,800	Administrative Law Judge rules in favor of OCR enforcement, requiring Lincare, Inc. to pay $239,800
February 16, 2016	Physical Therapy	$25,000	Physical therapy provider settles violations that it impermissibly disclosed patient information
March 16, 2016	North Memorial	$1,550,000	$1.55 million settlement underscores the importance of executing HIPAA business associate agreements
March 17, 2016	Feinstein Research	$3,900,000	Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement
April 20, 2016	Raleigh Orthopaedic	$750,000	$750,000 settlement highlights the need for HIPAA business associate agreements
April 21, 2016	New York Presbyterian	$2,200,000	Unauthorized Filming for “NY Med” Results in $2.2 Million Settlement with New York Presbyterian Hospital
June 29, 2016	Catholic Health Services of Philadelphia	$650,000	Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI Leads to $650,000 HIPAA Settlement
July 18, 2016	Oregon Health & Science University	$2,700,000	Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University
July 21, 2016	University of Mississippi Medical Center	$2,750,000	Multiple alleged HIPAA violations result in $2.75 million settlement with the University of Mississippi Medical Center (UMMC)
August 4, 2016	Advocate Health	$5,550,000	Advocate Health Care Settles Potential HIPAA Penalties for $5.55 Million
September 23, 2016	Care New England Health System	$400,000	HIPAA settlement illustrates the importance of reviewing and updating, as necessary, business associate agreements
October 17, 2016	St. Joseph’s	$2,140,000	$2.14 million HIPAA settlement underscores importance of managing security risk
November 22, 2016	UMass	$650,000	UMass settles potential HIPAA violations following malware infection
	2016 TOTAL:	$23,504,800

2015 HIPAA Fines $6,193,000

Date	Organization	Fine Total	Link to OCR Settlement
April 22, 2015	Cornell Prescription Pharmacy	$125,000	HIPAA Settlement Highlights the Continuing Importance of Secure Disposal of Paper Medical Records
June 10, 2015	St. Elizabeth’s Medical Center	$218,000	HIPAA Settlement Highlights Importance of Safeguards When Using Internet Applications
August 31, 2015	Cancer Care Group, P.C.	$750,000	750,000 HIPAA Settlement Emphasizes the Importance of Risk Analysis and Device and Media Control Policies
November 24, 2015	Lahey Hospital and Medical Center	$850,000	HIPAA Settlement Reinforces Lessons for Users of Medical Devices
November 30, 2015	Triple-S Management	$3,500,000	Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement
December 14, 2015	University of Washington Medicine	$750,000	$750,000 HIPAA Settlement Underscores the Need for Organization Wide Risk Analysis
	2015 TOTAL:	$6,193,000

What is the Penalty for a HIPAA Violation?

HIPAA violations, like violation of the HIPAA privacy rule, cost your practice. The federal fines for noncompliance are based on the level of perceived negligence found within your organization at the time of the HIPAA violation. These fines and consequences can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation. View our HIPAA fines chart below for the full HIPAA fines list.

OCR has also levied criminal charges for HIPAA violations in the past. Director of OCR, Jocelyn Samuels, went on record in February of 2016, saying that: