By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    improving patient experience
    6 Ways to Improve Patient Satisfaction Within Hospitals
    December 1, 2021
    degree for healthcare job
    What Are The Health Benefits Of Having A Degree?
    March 9, 2022
    custom software development is changing healthcare
    Digital Customer Journey Mapping and its Importance for Healthcare
    July 21, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Can Thinking Younger Make You Live Longer?
    April 20, 2011
    Image
    Obesity’s Outlook Unchanged
    June 13, 2011
    When It’s An Emergency Elderly Not Treated As Well in Hospitals
    July 16, 2011
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: What Is the Penalty for a HIPAA Violation?
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Business > What Is the Penalty for a HIPAA Violation?
BusinesseHealthPolicy & LawTechnology

What Is the Penalty for a HIPAA Violation?

tswann
Last updated: February 11, 2014 9:00 am
tswann
Share
6 Min Read
SHARE

HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time.

Contents
Unencrypted DataEmployee ErrorData Stored on DevicesBusiness Associates

HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time.

Fines will increase with the number of patients and the amount of neglect. Starting with a breach where you didn’t know and, by exercising reasonable diligence, would not have known that you violated a provision. To the other end of the spectrum where a breach is due to negligence and not corrected in 30 days. In legalese, this is known as mens rea (state of mind). So fines increase in severity from no mens rea (didn’t know) to assumed mens rea (willful neglect).

The fines and charges are broken down into 2 major categories: “Reasonable Cause” and “Willful Neglect”. Reasonable Cause ranges from $100 to $50,000 per incident and does not involve any jail time. Willful Neglect ranges from $10,000 to $50,000 for each incident and can result in criminal charges.

More Read

Medical Innovation – Big Data and Patient Engagement
Physicians to Lead ACOs, AMA Says
Healthcare Software Testing for Seamless Stakeholders Experience
New York City Soda Ban is a Hard Swallow
Hurricane Preparedness Tips for Older Adults & Caretakers

HIPAA violation categories and their respective penalty amounts are outlined in the chart below:

ViolationAmount per violationViolations of an identical provision in a calendar year
Did Not Know$100 – $50,000$1,500,000
Reasonable Cause$1,000 – $50,000$1,500,000
Willful Neglect — Corrected$10,000 – $50,000$1,500,000
Willful Neglect — Not Corrected$50,000$1,500,000

Source: HHS, Federal Register.gov

Unencrypted Data

Addressable does not mean optional. This is a point that we made in a previous post How do I become HIPAA compliant? (a checklist), but it cannot be stressed enough. The vast majority of data breaches are due to stolen or lost data that was unencrypted. When in doubt, you should implement the addressable implementation specifications. Most of them are best practices.

Employee Error

Breaches can occur when employees lose unencrypted portable devices, mistakenly send PHI to vendors who post that information online, and disclose personally identifiable, sensitive information on social networks. All examples from actual cases. Employee training and adherence to security policies and procedures is extremely important.

Data Stored on Devices

Almost half of all data breaches are the result of theft. When laptops, smartphones, etc. are unencrypted the risk of a breach increases considerably. With TrueVault, your data is safely stored off-premise; so that stolen laptop just has a token on it, and no PHI is compromised.

Business Associates

Almost two-thirds of data breaches involved a business associate. Meaning that you delegated a covered function or activity to someone, and that someone messed up. So pick your partners carefully. Some of the largest breaches reported to HHS have involved business associates. As a result, the final omnibus rule expanded many of the requirements to business associates and greatly enhanced the government’s ability to enforce the law.

What sort of penalties are we talking about? Check out this chart with fines levied in years past:

Entity FinedFineViolation
CIGNET$4,300,000Online database application error.
Alaska Department of Health and Human Services$1,700,000Unencrypted USB hard drive stolen, poor policies and risk analysis.
WellPoint$1,700,000Did not have technical safeguards in place to verify the person/entity seeking access to PHI in the database. Failed to conduct a tech eval in response to software upgrade.
Blue Cross Blue Shield of Tennessee$1,500,00057 unencrypted hard drives stolen.
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates$1,500,000Unencrypted laptop stolen, poor risk analysis, policies.
Affinity Health Plan$1,215,780Returned photocopiers without erasing the hard drives.
South Shore Hospital$750,000Backup tapes went missing on the way to contractor.
Idaho State University$400,000Breach of unsecured ePHI.
Shasta Regional Medical Center$275,000Inadequate safeguarding of PHI from impermissible uses and disclosures.
Phoenix Cardiac Surgery$100,000Internet calendar, poor policies, training.
The Hospice of Northern Idaho$50,000Breach of unsecured ePHI. Unencrypted laptop stolen, no risk analysis.

Source: HHS, Case Examples and Resolution Agreements

Looking at this chart we can conclude that HHS does not like people storing unencrypted PHI on mobile devices. What we don’t see yet are fines levied against business associates. 2014 is the first year where business associates will be audited and fined. Smart money says that the first fines levied against business associates will be passed down toward the end of this year.

If this article makes you nervous, then this might be a good time to revisit your organization’s HIPAA compliance program. The good news is that not every PHI breach ends in a fine. If you can show that you have made a reasonable effort to comply with HIPAA then you may not be dinged.

TAGGED:HIPAAHIPAA violationspatient privacy
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
May 15, 2025
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology
May 13, 2025

You Might also Like

healthcare social media review
eHealthSocial Media

Healthcare Social Media Review #53

May 17, 2014

Digital health at Walgreens: Podcast interview with Adam Pellegrini

September 9, 2015
top social media hospitals
eHealthHospital AdministrationSocial Media

Your Hospital Social Media Benchmark: How Do You Rank?

November 21, 2014
Image
Mobile Health

Mobile Health Around the Globe: Barcelona – Mobile World Capital

March 14, 2012
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?