HIPAA – Penalties for Violations
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a benevolent law which aims at providing care, security and privacy to all those covered under medical insurance in the US. HIPAA applies to certain ‘covered entities’, a term which includes doctors, nurses, paramedics, hospital and insurers’ staff, and all those who handle a patient’s private health data for any reason whatsoever, whatever their title. All health insurance plans issued publicly or privately, third-party insurance clearing houses, and all entities which in some way handle patient data, whether electronically or in physical format, are included in the definition of ‘covered entity’.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is very strict on those who default on compliance and those who violate the privacy and security provided for in the Act. HIPAA deals with offenders with an iron hand and provides for heavy penalties. Non-compliance with the HIPAA rules and regulations may even lead to disruptions in an entity’s day-to-day working processes, resulting in extensive intangible and tangible costs. The most serious impact of non-compliance for any entity is the loss of the ability to conduct electronic business effectively and securely, which can result in the loss of significant business due to sanctions which may be imposed on the offending entity under the HIPAA regulations. The penalty for non-compliance with the regulations can go up to $100 per person for each violation, up to a maximum of $25,000 per year.
The penalty for willfully and knowingly disclosing a patient’s private health information can go up to $50,000 per violation and/or one year imprisonment for a simple offense, or up to $100,000 per violation and/or five years imprisonment if the offense is proved to be “under false pretenses”. The penalty may go up to $250,000 and/or ten years imprisonment if the violation is committed with intention to transfer, sell, or commercially use the data for personal gain and/or malicious harm.