What Happens to Healthcare Employees Who Violate HIPAA Rules?

Working in healthcare requires a good working knowledge of HIPAA rules.  It requires diligence to ensure compliance with HIPAA rules. When HIPAA rules are violated, there are consequences, whether a healthcare employee does it accidentally or knowingly.  The penalty for violating HIPAA depends on:

  • the type of violation
  • the severity of violation
  • the harm it caused to others
  • how much you knew about the violated HIPAA rules

If a healthcare employee was unaware that he violated HIPAA rules by mistake, it is considered as a minor violation. If no harm resulted, the violation can be take care of internally. He will probably be given a verbal or written warning plus additional training on HIPAA compliance. But in cases where HIPAA rules violation is serious and intentional, meaning the violating employee knows about it, he will likely be terminated. If he’s a licensed professional, his violation may be reported to the respective licensing board. His license may be suspended or made void.

Civil penalties may be issued by the Department of Health and Human Services’ Office for Civil Rights as a result of HIPAA violations. When there are complaints about potential HIPAA violations submitted to OCR, the agency investigates them for data breaches. When found to be in violation, the employee will get the appropriate civil penalties, normally depending on his knowledge of the violated HIPAA rules. Below are the details of the four tiers for civil penalties that OCR follows.




Tier 1

$100 per violation up to $25,000 for repeat violations

Individuals who did not know about the violation of the HIPAA Rules

Tier 2

$1,000 per violation up to $100,000 for repeat violations

Individuals with reasonable cause

Tier 3

$10,000 per violation up to $250,000 for repeat violations

Individuals who willfully neglected the HIPAA rules when the violation has been corrected in a required time frame

Tier 4

$50,000 per violation up to $1.5 million for repeat violations

Individuals who willfully neglected HIPAA rules with no attempt to correct the violation

Some cases of violation may be referred to the Department of Justice by the OCR when there are potential criminal violations of HIPAA Rules. These cases are rare but it’s possible when healthcare employees willfully violate HIPAA rules. Below are the details of the tiers for criminal penalties.




Tier 1

Up to $50,000 plus up to 1 year in jail

Negligence or reasonable cause

Tier 2

Up to $100,000 plus up to 5 years in jail

False pretenses

Tier 3

Up to $250,000 plus up to 10 years in jail

Personal gain or malicious intent

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA