What Happens if You Violate HIPAA?

You’ve heard of HIPAA laws, and you know it’s wrong to violate them. But do you know what happens if you violate HIPAA?

A HIPAA violation is a serious situation, and there are many different forms it can take. If the laws get violated, you can get in serious trouble, and so can the office you work for.

As with most legal issues, HIPAA violations can be complicated. In this guide to what happens if you violate HIPAA, we’ll clear things up so you’ll know how to avoid trouble. Keep reading to learn how to keep your practice safe.

What Are HIPAA Laws?

If you don’t thoroughly understand the laws, it will be hard to avoid a violation.

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, exists to protect health practitioners and patients. Although there are many different aspects of these laws, the most important factor is privacy. HIPAA sets a national standard for keeping individual patient health information private.

Under the privacy rule, healthcare providers are responsible for taking the right precautions to ensure information about patients stays private. There are only certain ways medical information can be used or disclosed without patient permission.

This privacy rule also gives patients the rights to govern their health information. For example, patients are allowed to get and view a copy of their own health records, and they can request that changes be made.

What Happens If You Violate HIPAA?

Some HIPAA violations happen because the business or medical office as a whole didn’t appropriately protect patient information. But what happens if an individual violates these laws?

Minor HIPAA Violations

Individuals can accidentally violate HIPAA without ever meaning to. Even if you’re always careful, mistakes do happen.

Any violation can potentially result in discipline. However, employers should know that occasional accidents can happen. If the HIPAA violation is minor, it might be dealt with internally, without serious consequences.

If minor violations happen more than once, the employer should give additional training to help staff understand the requirements of HIPAA completely. Even in the case of small, accidental violations, it’s important that they get reported to the person in charge of the organization’s HIPAA compliance. Minor violations might have major consequences if they don’t get reported.

Serious HIPAA Violations

If the HIPAA violation was serious, disciplinary action will likely be taken, even if it was an accident. This can result in punishment by professional organizations and even termination from your job.

This termination is more than just a job lost, though. If it was due to a HIPAA violation, it will be very hard for a medical professional to find another organization that will hire them.

If the violation happened on purpose, such as stealing patient information to cause them harm or for personal gain, criminal penalties are likely to be the result. These incidents should be reported to law enforcement so an investigation can be conducted.

The criminal penalties for personal HIPAA violations can include fines and prison time. Although criminal prosecutions for these situations are rare, someone who steals patient information for financial gain can get up to 10 years in jail.

However, penalties for HIPAA violations can’t be pursued by the patient whose information was compromised. For example, a patient generally can’t sue their nurse for a HIPAA violation.

Types of Personal HIPAA Violations

Let’s take a look at some of the most common ways these laws can be broken. There are many more possible HIPAA violations, but these are just some that are more likely to occur.

Accessing information about patients you don’t need to treat is one form of violation. So is gossiping about patients in a way that discloses their personal health information to coworkers, friends, or family members. Patient information can’t be disclosed to anyone who’s not authorized to have it.

Patient health information also can’t be provided to a new employer, or used for other types of personal gain. Of course, using information to cause harm to a patient is one of the more serious types of HIPAA violations.

Other violations can be completely accidental. Someone might dispose of patient documents improperly, such as placing them in the ordinary trash. Or, they might accidentally leave them where they can be found by unauthorized people.

HIPAA requires that you only disclose the information that’s necessary – disclosing too much is also a type of violation. Violations also happen online – medical practitioners can’t log in using someone else’s credentials to view patient information.

Social Media Violations

Social media is a newer and especially risky way for patient information to get compromised. There have been a number of documented cases of social media HIPAA violations in recent years.

No protected patient health information can ever be posted on social media, even if it’s in a closed group. Videos and photos of patients can’t be shared via platforms like Skype, Messenger, or Snapchat – even if they’re private or get deleted after a period of time.

The only time a patient photograph can be shared on social media is if the patient has given written authorization to do so.

There has been a lot of publicity recently around certain cases of medical care providers sharing photos of patients on social media without their permission, and many of these cases have resulted in serious penalties, including jail time. When in doubt, it’s best not to share anything about a patient on social media at all.

Are You Prepared to Prevent HIPAA Violations?

It’s important for medical offices to have standards in place that will make HIPAA violations less likely to occur. However, it’s often up to the individuals providing care to ensure that they don’t commit these violations.

What happens if you violate HIPAA depends on the situation, but the consequences range from unpleasant to dire. Protect your patients and your livelihood by taking care to avoid HIPAA violations.

Are you taking extra steps to steer clear of a violation? Leave a comment or get in touch with us.

HIPAA Security Reminders
HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: “Implement a security awareness and training program for all members of its workforce (including management).”

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.