The cost of HIPAA violations

Non compliance can lead to fines of up to $25,000

The Department of Health and Human Services (DHHS) has released interim final rules on Civil Money Penalties that may be imposed for violations of HIPAA Administrative Simplification rules.

HIPAA Privacy regulations went into effect on April 14, 2003.

Penalties of $100 per violation may be levied against violators. The interim rules also outline a maximum of $25,000 per calendar year for identical violations.

These penalties may be imposed on covered entities.

The rules establish procedures for imposing the penalties.

This is the first building block of comprehensive rules that will eventually address all Civil Money Penalties and enforcement for HIPAA violations.

The DHHS will handle enforcement of Civil Money Penalties while the U.S. Department of Justice will oversee HIPAA criminal penalties.

The rules also identify cases in which the DHHS will be limited in levying these penalties. Those instances include cases in which criminal penalties are applied; the liable person using reasonable diligence did not know HIPAA was violated; or the compliance failure was due to reasonable cause and corrected within 30 days.

The DHHS may also reduce or waive penalties it determines are excessive in respect to the violation.

There is a six-year statute of limitations on imposing the penalties.

Contact COBRA Compliance Systems, Inc. for more information on HIPAA compliance solutions.

News Room sign-up sheet | Archive