Working in healthcare requires a good working knowledge of HIPAA rules. It requires diligence to ensure compliance with HIPAA rules. When HIPAA rules are violated, there are consequences, whether a healthcare employee does it accidentally or knowingly. The penalty for violating HIPAA depends on:
- the type of violation
- the severity of violation
- the harm it caused to others
- how much you knew about the violated HIPAA rules
If a healthcare employee was unaware that he violated HIPAA rules by mistake, it is considered as a minor violation. If no harm resulted, the violation can be take care of internally. He will probably be given a verbal or written warning plus additional training on HIPAA compliance. But in cases where HIPAA rules violation is serious and intentional, meaning the violating employee knows about it, he will likely be terminated. If he’s a licensed professional, his violation may be reported to the respective licensing board. His license may be suspended or made void.
Civil penalties may be issued by the Department of Health and Human Services’ Office for Civil Rights as a result of HIPAA violations. When there are complaints about potential HIPAA violations submitted to OCR, the agency investigates them for data breaches. When found to be in violation, the employee will get the appropriate civil penalties, normally depending on his knowledge of the violated HIPAA rules. Below are the details of the four tiers for civil penalties that OCR follows.
|
Tier |
Penalty |
Who |
|
Tier 1 |
$100 per violation up to $25,000 for repeat violations |
Individuals who did not know about the violation of the HIPAA Rules |
|
Tier 2 |
$1,000 per violation up to $100,000 for repeat violations |
Individuals with reasonable cause |
|
Tier 3 |
$10,000 per violation up to $250,000 for repeat violations |
Individuals who willfully neglected the HIPAA rules when the violation has been corrected in a required time frame |
|
Tier 4 |
$50,000 per violation up to $1.5 million for repeat violations |
Individuals who willfully neglected HIPAA rules with no attempt to correct the violation |
Some cases of violation may be referred to the Department of Justice by the OCR when there are potential criminal violations of HIPAA Rules. These cases are rare but it’s possible when healthcare employees willfully violate HIPAA rules. Below are the details of the tiers for criminal penalties.
|
Tier |
Penalty |
Reason |
|
Tier 1 |
Up to $50,000 plus up to 1 year in jail |
Negligence or reasonable cause |
|
Tier 2 |
Up to $100,000 plus up to 5 years in jail |
False pretenses |
|
Tier 3 |
Up to $250,000 plus up to 10 years in jail |
Personal gain or malicious intent |