HIPAA was officially enacted in the year 1996 by United States congress. HIPAA has two titles–In the Title I of the rule is to protect individuals and families under the circumstances when they lose their job or when they change their job. In the Title II also known as the administrative simplification provision requires the establishment of electronic healthcare transactions to protect the identity of providers, health insurance plans, and employers.
Title I has been a debated topic with health coverage of many individuals going under constant change looking at the job security of American individuals. Covering individuals under health care policy after significant breaks.
Title II is known as the background regulation of the healthcare industry as the industry moves towards the technological vibrant sector. Now with Information becoming the new currency, the law was made to protect the patients’ healthcare information.
According to the law here are some insights about the HIPAA regulations
U.S. Department of health and Human Services (HHS) office for civil rights (OCR) takes up the initiative of implementing the HIPAA security and privacy laws. OCR checks the following during investigation process
- Investigating complaints filed with it.
- Conduct compliance audit to determine the covered entities are in compliance.
- Educating and outreaching to foster the compliance.
In the case of non-compliance where the doctor’s office is not resolving the matter satisfactorily, OCR may decide to impose money penalties.
| HIPAA Violation | Minimum Penalty | Maximum Penalty |
| Unknowing | $100 per violation.
With an annual maximum of $25,000 for repeat violations. |
$50,000 per violation.
With an annual maximum of $1.5 million. |
| Reasonable Cause | $1,000 per violation.
With an annual maximum of $100,000 for repeat violations. |
$50,000 per violation.
With an annual maximum of $1.5 million. |
| Intentional neglect but violation is corrected within the required time period | $10,000 per violation.
With an annual maximum of $250,000 for repeat violations. |
$50,000 per violation.
With an annual maximum of $1.5 million. |
| Intentional neglect and is not corrected within required time period | $50,000 per violation.
With an annual maximum of $1.5 million. |
$50,000 per violation.
With an annual maximum of $1.5 million. |
In some cases, the office of civil rights (OCR) has taken the way of approaching the criminal liabilities just to cope up with violations.
The criminal violations of HIPAA are currently handled by DOJ. The person or organization which obtain and disclose individually identifiable health information can face a fine of up to $50,000 and imprisonment of up to 1 year. Offenses committed under false presentence increased to $100,000 fine with up to 5 years in prison. Finally, offences committed with intent to sell or use for commercial advantage, person gain or malicious harm fine to $250,000 and imprisonment up to 10 years.
Though in most cases the patient’s data is stolen from the hospitals demand money or use patient’s details for payment. Most cases the offenders get away with the crime as the patients affected don’t pursue the matter to a higher level. It’s imperative for the healthcare providers to understand the effect that any leak can underestimate the patients from different regions.