Frequently Asked Questions: Privacy

Are there penalties for failure to comply with HIPAA?

Yes. There are both civil and criminal penalties for failure to comply with HIPAA regulations. They are as follows:

General penalty for failure to comply:

  • Each violation: $100 penalty.
  • The maximum penalty for all violations of an identical requirement may not exceed $25,000 per year.

Wrongful disclosure of individually identifiable health information:

  • Wrongful disclosure offense: $50,000 penalty, imprisonment of not more than one year, or both.
  • Offense under false pretenses: $100,000 penalty, imprisonment of not more than five years, or both.
  • Offense with intent to sell information: $250,000 penalty, imprisonment of not more than 10 years, or both.

In addition to these penalties, covered entities that fail to comply with HIPAA may be subject to loss of goodwill, credibility, public trust and revenue.