What Happens if You Breach HIPAA Rules?
HIPAA requires covered groups to supply training to employees to make sure they are aware of HIPAA Rules and Regulations. During HIPAA training, healthcare staff should be made aware of the possible fines for HIPAA breaches, but what are those fines, and what happens if you breach HIPAA Rules?
What Takes Place if You Breach HIPAA Regulations?
If you breach HIPAA Regulations there are four possible results:
- The breach could be dealt with directly by an employer
- You might be sacked
- You might face financial penalties from professional boards
- You might face criminal proceedings which include financial penalties and imprisonment
What takes place if you break HIPAA Rules will depend on the extent of the violation. The actions of employers, professional boards, federal regulators, and the Department of Justice will depend on several factors:
- The extent of the breach
- Whether there was an awareness that HIPAA Rules were being breached, or whether, with due diligence, it should have been clear that HIPAA Rules were being breached
- Whether action was taken to address the breach
- Whether there were malicious aims, or whether HIPAA Rules were violated for personal profit
- The damage inflicted by the breach(es)
- The number of people affected by the HIPAA breach
- Whether the criminal provision of HIPAA was breached
Civil Financial Penalties for HIPAA Breaches
Civil financial penalties for HIPAA breaches begin at $100 per breach by any individual who violates HIPAA Rules. The fine can go up as high as $25,000 if there have been multiple violations of the same sort. These financial penalties are applied when the person was aware that HIPAA Rules were being breached, or should have been aware had due diligence been employed. If there was no conscious neglect of HIPAA Rules and the violation was addressed within 30 days of the staff member learning that HIPAA Rules had been violated, civil fines will not apply.
Criminal Financial Penalties for HIPAA Breaches
The criminal financial penalties for HIPAA breaches can be major. The minimum fine for willful breaches of HIPAA Rules is $50,000. The highest possible criminal penalty for a HIPAA violation by a person is $250,000. Restitution may also need to be paid to those impacted. In addition to the criminal financial penalty, a prison sentence is likely for a criminal violation of HIPAA Rules.
As with the sanctions for HIPAA breaches for HIPAA covered groups and business associates, there are penalty levels.
Criminal data breaches that happen due to negligence can lead to a prison term of up to 12 months. Obtaining protected health information under false pretenses can result in a maximum prison term of five years. Consciously breaching HIPAA Rules with malicious intent or for personal profit can lead to a prison sentence of up to 10 years. There could also be a mandatory two-year jail term for aggravated identity theft.