Organizations that work in healthcare have an obligation to train employees on HIPAA rules. Employee training ensures that employees working with protected health information (PHI) understand the requirements of HIPAA and the penalties they may face for failing to follow HIPAA rules. The penalties for violating HIPAA rules are discussed below.


Repercussions of Violating HIPAA Rules

Penalties vary with the nature of the HIPAA violation. Disciplinary action may be determined by an employer, federal regulators, professional boards, or the Department of Justice.

Imposed penalties are determined by the following:

The nature of the violation

Whether or not the employee was aware that HIPAA rules were being violated

Whether or not the employee took action to correct the violation

Whether or not there was malicious intent, or the violation contributed to personal gain

The nature of harm caused by the violation

How many people were impacted by the violation

Whether or not the incident violated the criminal provision of HIPAA

Employees who violate HIPAA rules can face the following penalties:

Employers can deal with the violation internally

The employee could face termination

Professional boards could issue employee sanctions

Criminal charges could be imposed, including fines and imprisonment

Criminal Repercussions for Breaking HIPAA Rules

Employees who intentionally break HIPAA rules can be fined $50,000 – $250,000, and that does not include potential restitution to victims. Employees may also be subject to jail time; employees who commit aggravated identity theft are subject to a mandatory two-year imprisonment.

Other criminal violation penalties are categorized into three tiers:

Negligence: up to 1 year jail time

Falsely obtaining protected health information: up to 5 years jail time

Malicious intent or personal gain: up to 10 years jail time

Civil Repercussions for Breaking HIPAA Rules

Civil penalties apply when an employee was aware that they violated HIPAA, or would have been aware had they exercised due diligence. Civil fines range from $100 to $25,000, depending on whether there were multiple violations. If the employee corrected the violation within 30 days of discovery and did not act with willful neglect, the employee is not subject to civil penalties.
