HIPAA Violations - What one can do and what one can’t?

Posted on Thursday, March 10th, 2011 at 5:09 am in HIPAA, on BrainBloggers at the Stay Healthy blog.

HIPAA violations are not just civil matters; they can also be criminal. To find out whether an act counts as a HIPAA violation, one can report the activity to the concerned authority, such as the Office of Civil Rights.

HIPAA is an integral part of any health organization, and its importance is underlined by the sizeable penalty one can face if the regulations of this law are violated. The Act exists solely to safeguard confidential medical information that may be transferred from one source to another. HIPAA violations may lead to both criminal and civil penalties. First, the civil penalties:

On February 17, 2009, the American Recovery and Reinvestment Act was signed. This established a tiered civil penalty structure for HIPAA violations. The Secretary of the Department of Health and Human Services has discretion in determining the amount of the penalty, based on the nature and extent of the violation and of the harm caused by it. The Secretary is restrained from imposing penalties if the violation is corrected within a month (the duration may be elastic). The tentative list below illustrates the penalties attached to each kind of violation:

  • HIPAA violation where the individual was not aware of the violation and, even exercising reasonable diligence, would not have been: The minimum penalty is $100 per violation, with an annual fine of $25,000 for repeat violations. It can be imposed by the State Attorneys General, and the maximum penalty can go up to $50,000 per violation, with an annual maximum of $1.5 million.
  • HIPAA violation due to reasonable cause and not willful neglect: The minimum penalty can go up to $1,000 per violation, with an annual maximum of $100,000 for repeat violations, and the maximum can go up to $50,000 per violation, with an annual maximum of $1.5 million.
  • Violation due to willful neglect but corrected within the required time period: The minimum penalty is $10,000 per violation, with an annual maximum penalty of $250,000 for repeat violations, whereas the maximum penalty is $50,000 per violation, with an annual maximum of $1.5 million.
  • Violation due to willful neglect and not corrected: The minimum penalty is $50,000 per violation, with an annual maximum penalty of $1.5 million, and the maximum penalty is $50,000 per violation, with an annual maximum of $1.5 million.

Next come the criminal penalties. The Department of Justice is very clear about what kind of neglect comes under criminal penalties. Covered entities and specified individuals, as explained below, who obtain the health information of an individual “with full knowledge” violate the Administrative Simplification Regulations. They may face a penalty of up to $50,000 and imprisonment for a year. For offenses that include charges of “false pretenses”, the penalty may be increased to a fine of up to $100,000 with 5 years in prison. Offenses committed with the intent to sell, transfer or use individually identifiable health information for malicious harm, personal gain and so on may attract fines of up to $250,000 and imprisonment for up to ten years.

People must remember that HIPAA is a Federal law and the penalty for HIPAA violations is a felony. To put it in simpler terms, one can lose one’s fundamental rights, and without these basic rights one may end up being treated as an alien in one’s own country.