
3.10 Penalties for Noncompliance with the Privacy Rule

If covered entities don’t voluntarily comply with the Privacy Rule, they risk receiving civil money penalties, while some infractions may even result in criminal charges.

Civil Money Penalties

The severity of civil money penalties depends on several factors, including the timing of the violation, whether the covered entity was aware of the non-compliance, and whether the non-compliance was brought on by willful neglect.

Criminal Penalties

A criminal fine of up to $50,000 and up to one year in jail may be imposed on someone who intentionally acquires or publishes PHI in violation of the Privacy Rule.

If the wrongful conduct involves fake identities, the criminal penalties rise to $100,000 and up to five years in prison.

Furthermore, if the wrongful conduct includes the intent to sell, transmit, or use patient data for financial benefit, personal gain, or malicious harm, the penalty may rise to $250,000 and up to almost ten years in prison.
