The Health Insurance Portability and Accountability Act was put in place to hold health care professionals and organizations accountable for patient rights. Violating HIPAA rules can cost medical practices and insurance providers thousands of dollars. While ultimately these standards and the penalties for violating them are good because they protect patients, they can be quite costly to a medical practice if HIPAA is violated. As such, it's important for practices to know how severe the penalties are.

HIPAA is divided into five parts: insurance, administrative simplification, tax-related health provisions, the application and enforcement of group health care plan requirements, and revenue offsets. Any violation of HIPAA can result in a hefty fine. Practices should make sure that they are doing everything they can to be HIPAA compliant year-round. 

Types of HIPAA violations and fines associated with them
HIPAA violations happen often in the health care industry. Violations can result in civil and criminal cases and fall under several categories. While there are a few different types of violations, the overall effect of the violation will typically depend on the specifics of the situation and the severity of the violation. According to the American Medical Association, there are four categories that HIPAA violators often fall under:

  • Unknown violation of HIPAA
    This occurs when the practice truly was not aware of the violation. Although the violation might have been avoided with more training, it still falls under noncompliance. The minimum fine for this type of violation is $100 and the maximum is $50,000 per incident. 
  • Violation due to reasonable cause 
    Reasonable cause occurs when something was omitted by a medical provider who knew or should have known that the act of omission was in violation of HIPAA compliance. For this type of offense, the fine starts at $1,000 and can be as high as $50,000 per violation. 
  • Willful violation but violation corrected within proper time
    This situation occurs when a violation has been committed due to willful neglect, but is then fixed within a certain period of time. This time period is usually 30 days, but it can be extended. These types of violations can cost a practice anywhere from $10,000 to $50,000 depending on the violation. 
  • Willful violation
    Willful violations occur when someone knows they have violated HIPAA compliance and nothing is done to fix the situation. Fines for this type of noncompliance cost $50,000 per violation. 

Criminal consequences
HIPAA violations can also result in criminal penalties in the form of fines and jail time. Criminal consequences are reserved for people who knowingly violated HIPAA rules. The severity of the fines and jail time depends on what the person intended to do with the patient data. Criminal penalties can range from $50,000 and up to one year in prison to $250,000 and up to 10 years in prison.

What practices can do to ensure HIPAA compliance
While HIPAA compliance poses challenges for practices, there are steps a practice can take to reduce the risk of a violation.

  • Train your employees well
    Well-trained employees will make fewer mistakes when it comes to HIPAA compliance. If your employees are well-trained, you have a good chance of eliminating one type of violation.
  • Ensure all technology is HIPAA compliant
    Just because you updated your medical billing and coding software this year and you know it's HIPAA compliant, it doesn't mean the rest of the practice's software is up to date. Consult your software provider often so that you stay compliant. 
  • Always pay attention to HIPAA updates
    While you're probably busy managing every aspect of your practice, you need to always make sure any new HIPAA updates are addressed.