5.3 PENALTIES

HIPAA provides for civil and criminal penalties for failing to comply with the regulation, as previously stated. These penalties are authorized by the HIPAA statute at 42 U.S.C. §§ 1320d-5 and 1320d-6. How the penalties are enforced, and how severely, depends on the actions a covered entity took as soon as it became aware of a violation of the HIPAA rule.

5.3.1 Civil Penalties [5]

Fines begin at $100 per violation and may not exceed $25,000 per calendar year per person for violations of the same requirement. (These are the amounts in the statute at the time of this book's 2003 publication; the HITECH Act of 2009 later replaced them with a higher, tiered schedule.) In assessing fines, consideration is given to whether:

  • the person liable for the penalty did not know, and by exercising reasonable diligence would not have known, that such person violated the provision

  • the failure to comply was due to reasonable cause and not to willful neglect

  • the failure is corrected within thirty days of the date that the person (or organization) liable for the penalty knew, or by exercising reasonable diligence would have known, of the failure

The Secretary of the Department of Health and Human Services can also:

  • extend the time period for compliance

  • provide technical assistance to meet compliance

  • waive or reduce penalties based on the nature and extent of a compliance failure, and on whether the failure was due to reasonable cause and not to willful neglect

5.3.2 Criminal Penalties [6]

The consequences for criminal violations of the HIPAA rule include fines and imprisonment. Criminal liability requires that the person acted knowingly, and the severity of the penalty is based on the person's intent when the violation occurred.

If a person knowingly obtains or discloses individually identifiable health information in violation of the rule, the penalties:

  • begin at

    • up to a $50,000 fine

    • up to one year of imprisonment

    • or both

  • escalate, if the offense is committed under false pretenses, to

    • up to a $100,000 fine

    • up to five years of imprisonment

    • or both

Stricter consequences apply if the person's intent was to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm. The penalties for these actions rise to:

  • up to a $250,000 fine

  • up to ten years of imprisonment

  • or both

5.3.3 Unintended Consequences

The HIPAA rule is not meant to supersede State law; it sets a floor. Whenever a State's privacy law is more stringent, the State law remains in force. Where no State law applies, the HIPAA rule is the basis for protecting an individual's health information. Covered entities, working with their legal counsel, are encouraged to develop comprehensive policies and procedures based on both the HIPAA rule and their State's privacy and security laws, to protect themselves from possible litigation.

Metropolitan areas offer individuals a broad choice of covered entities, so it is easy for them to change providers based on a perception of non-compliance with the HIPAA rules. In smaller communities, where the customer base does not support multiple vendors, individuals will gravitate to the provider they trust to protect their health information, which can force other providers out of business.

[5] 42 U.S.C. § 1320d-5

[6] 42 U.S.C. § 1320d-6


HIPAA Security Implementation, Version 1.0
ISBN: 974372722
Year: 2003
Pages: 181