Legal Implications of HIPAA

The Health Insurance Portability and Accountability Act--better known as HIPAA--is a congressional act authorized in 1996 that addresses the numerous health, safety and privacy issues within the health care field. The supplemental American Recovery and Reinvestment Act (ARRA) later established a schedule of civil penalties for individuals who violate the privacy requirements of Section II of HIPAA, allowing patients to seek monetary recourse when medical professionals neglect or intentionally ignore their rights to privacy.

    General Violations

    • Any health care professional who violates a provision of HIPAA's regulations in a manner not otherwise defined by the Public Health and Welfare Code (42 U.S.C. Ch. 7) is subject to a civil penalty of up to $100 for each violation. The maximum civil penalty an individual can receive for all combined violations in a single calendar year is $25,000, in addition to any criminal penalties to which the individual may be liable.

    Reasonable Cause

    • A health care professional who violates HIPAA regulations due to reasonable cause--determined on a case-by-case basis--but did so out of willful neglect, is subject to fines of up to $1,000 per individual violation. The maximum civil penalty for a single calendar year is $100,000. Health care professionals with a previous history of violating HIPAA regulations due to reasonable cause are subject to fines of up to $50,000 per individual violation with a yearly maximum of $1.5 million.

    Corrected Neglect

    • A health care professional who violates HIPAA through willful neglect, but corrects the violation(s) within 30 days from the date the violation occurred, is subject to fines of up to $10,000 per individual violation. The maximum civil penalty for willful, but corrected, neglect is $250,000 for any calendar year. Health care professionals with a history of willful, but corrected, neglect are subject to fines of up to $50,000 per individual violation with a yearly maximum of $1.5 million. An offender may request additional time to correct HIPAA violations due to willful neglect if he can demonstrate that even with reasonable diligence, he would not have discovered the violation until the date on which he actually did.

    Willful Negligence

    • HIPAA violations attributed to a health professional's willful neglect, that are not corrected within 30 days of the initial violation, carry a penalty of up to $50,000 per individual violation. The total maximum civil penalty for all violations within a calendar year is capped at $1.5 million.

    Individually Identifiable Information

    • Any health care professional who knowingly and willfully violates HIPAA in such a manner that a patient's individually identifiable health information is made available to any other person is subject to fines of up to $50,000 for each individual violation, up to one year in prison or both. If the violation occurs under false pretenses, the fine increases to $100,000 per violation, up to five years in prison or both. If the health care provider committed the violation with the intent to sell, transfer or personally use the individually identifiable information for "commercial advantage, personal gain, or malicious harm" (42 U.S.C. 1320d-6(b)(3)), the fine increases to up to $250,000 per individual violation, up to 10 years in prison, or both.
