185,000,000
11,000,000
700,000
12,500
10,000
10
??
These audits focus on verifying noncompliance with HIPAA privacy, security, and OMNIBUS rules. Violation penalties are based on the level of negligence and can range from $100 – $50,000 per violation or per patient record, with a maximum penalty of $1.5million per year. Criminal charges resulting in jail time are also possible.
The fines and charges have two major categories: “Reasonable Cause” and “Willful Neglect.” Reasonable Cause ranges from $100 to $50,000 per incident and does not involve any jail time. Willful Neglect ranges from $10,000 to $50,000 per incident and may result in criminal charges as well.
HIPAA violation categories and their respective penalties:
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.1 To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “Electronic Protected Health Information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.
Source: Summary of the HIPAA rules and ePHI
