HIPAA Violation Fines and Penalties: What Are They in 2020?

HIPAA, or the Health Insurance Portability and Accountability Act, was put in place to protect the rights and confidentiality of patients. 

Violating HIPAA is a big deal for medical professionals, and there are hefty fines associated with it. If you work in the healthcare industry, it’s important to stay up-to-date with evolving HIPAA regulations, violations, and their corresponding fines.

Fines may increase as the years go by, and they have increased for 2020. If you’re not up to date on HIPAA penalties, continue reading to learn all about HIPAA violation fines and punishments.

What is a HIPAA Violation?

HIPAA helps to protect the private health information of patients and health plan members. Any breach in this protection, whether purposeful or not, can be considered a HIPAA violation.

There are hundreds of ways that HIPAA can be violated, and healthcare professionals are expected to be aware of them so that they don’t run into problems. Professionals are trained to comply with HIPAA standards and provisions to ensure the safety of private data and health information of their patients.

What Happens if You Violate HIPAA?

In short, it varies.

Not all HIPAA violations are the same. Rather, there are different levels of violations that are taken into consideration when the penalty is being discussed. 

Intentions factor in. If the act was willful or willfully negligent, it’s likely that the penalty is going to be higher. If it was accidental or unavoidable, the penalty is going to be lower.

Penalties range from being only financial to being more criminal in nature. It all depends on the nature of the violation and the intention behind it, as well as any steps that were taken within an acceptable timeframe to rectify the situation.

Level 1

Level 1 violations are going to carry the lowest penalties. These violations are ones that couldn’t be avoided. The entity or person in question could have been ignorant of the violation and (even with all due diligence) not known about it in time.

Level 2

Level 2 violations are still not purposeful. There was a reasonable cause for the violation, and the entity or individual should have known about it before a violation took place. 

Level 3

Level 3 violations begin to get more serious. For a level 3 violation, the action had to have been willfully negligent. That said, the violation was corrected within an acceptable time limit (or within 30 days) so the penalty is softened.

Level 4

These have the highest penalties for HIPAA violations. For a level 4 violation, the action had to have been willful or willfully negligent. There also must have been no timely attempt to rectify the situation. 

What Are the HIPAA Violation Fines?

The penalties vary based on the level of violation. Each financial penalty is per violation, so if multiple breaches happened at once, they can add up to a significant number. The figures below are the penalty for a single violation.

The cost of civil monetary penalties has gone up in 2020, so it’s important to keep updated if you’re in the healthcare industry.

Level 1 Violations: The minimum penalty is $119, while the maximum penalty is $59,522. The maximum amount that can be charged during a single calendar year is $1,785,651.

Level 2 Violations: For the next tier, the minimum penalty is $1,191, and the maximum penalty is $59,522. The penalty cap for the year is $1,785,651.

Level 3 Violations: For this level, the minimum penalty rises to $11,904, while the maximum penalty remains $59,522. The cap for the penalty is $1,785,651.

Level 4 Violations: For the highest tier of violations, the penalty begins at $59,522. The maximum and the calendar year cap are both $1,785,651.

For lower-level violations, the employee (if it was an individual) may also lose their job, or be subject to intensive further training and observation in order to maintain their position in the hospital or office. For willful violations, the employee is almost certain to lose their position.

Are There Criminal Penalties for HIPAA Violations?

In some situations, there’s more to a penalty than simple HIPAA violation fines. Some HIPAA violations are considered criminal offenses and can result in jail time. Offenses like these are nearly always willful and generally intended to cause some kind of harm.

For example, if a healthcare professional knowingly shared private health information for financial gain, this would be a criminal offense against HIPAA. All use or disclosure of private healthcare information has to be covered by the HIPAA privacy rule. 

Criminal HIPAA violations have their own tier system to designate levels and punishments.

Level 1: The person or entity had reasonable cause for the violation or was unaware of the violation. This can end in one year in prison.

Level 2: The person or entity was obtaining private health information under false pretenses. This can end in up to five years in prison.

Level 3: The person or entity was obtaining private health information for personal use or gain, or with malicious intent. This can end in up to ten years in prison. 

Are You Up to Date with HIPAA Penalties in 2020?

If you work in medicine, it’s important to keep yourself and your staff updated with changes in HIPAA regularly. Many HIPAA violations are accidental, but the HIPAA violation fines will still impact the staff and practice and could end in imprisonment. 

Having medical staff brush up on their HIPAA training regularly and keeping close tabs on private medical data is a good way to avoid any violations and penalties, especially at a time when there are more hackers and data breaches than ever. There is a hacker attack every 39 seconds, and a resulting breach, while not purposeful, could land you in trouble.

For more information on HIPAA and how to protect yourself from violations, check out our site. 
