violation penalties (HIPAA)

Per section 1177 of HIPAA, a person who knowingly

  • uses a unique health identifier, or causes one to be used;
  • obtains individually identifiable health information relating to an individual; or
  • discloses individually identifiable health information to another person;

is in violation of HIPAA regulations. Such persons are subject to the following penalties:

  • a fine of up to $50,000, or up to 1 year in prison, or both;
  • if the offense is committed under false pretenses, a fine of up to $100,000, up to 5 years in prison, or both;
  • if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine up to $250,000, or up to 10 years in prison, or both.

HIPAA also provide for civil fines to be imposed by the Secretary of DHHS "on any person" who violates a provision of it. The maximum is $100 for each violation, with the total amount not to exceed $25,0000 for all violations of an identical requirement or prohibition during a calendar year.

Last modified: 11-May-2005 [RC]

 
 

   © 2002-2006 Contributing authors and University of Miami School of Medicine