Supremus Group
HIPAA law/regulation violation: Fines and Penalties for Non-Compliance
Call us now:
(515) 865-4591

HIPAA sets severe penalties for non-compliance. The penalties may be:

  • Civil
  • Criminal
  • Financial
  • Imprisonment

Under "General Penalty for Failure to Comply with Requirements and Standards" of Public Law 104-191, the Health Insurance Portability and Accountability Act of 1996, Section 1176 says that the Secretary can impose fines for noncompliance as high as $100 per offense, with a maximum of $25,000 per year on any person who violates a provision of this part.
Under "Wrongful Disclosure of Individually Identifiable Health Information," Section 1177 states that a person who knowingly:

  • uses or causes to be used a unique health identifier;
  • obtains individually identifiable health information relating to an individual; or
  • discloses individually identifiable health information to another person,

shall:

  • be fined not more than $50,000, imprisoned not more than 1 year, or both;
  • if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and
  • if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.

Complaints and Enforcement

HHS Office for Civil Rights (OCR)
Fact Sheet: How to File a Health Information Privacy Complaint
Complaints, which must be submitted in writing within 180 days of an unauthorized disclosure, can be faxed or mailed to the appropriate OCR regional office, or sent via email.

Transactions and Code Sets

Centers for Medicare & Medicaid Services (CMS)
CMS and OCR will work together on outreach and enforcement and on issues that touch on the responsibilities of both organizations - such as application of security standards or exception determinations.
CMS' Online Complaint Submission Form allows complaints to be submitted about covered entities' non-compliance with the HIPAA transaction standards. Complaints can also be submitted on a paper-based form available by download from the site (PDF).


Supremus Group LLC , 855 SE Bell Ct, Suite 300, Waukee, IA 50263
Tel: (515) 865-4591 | Fax: (515) 221-2363
Copyright © 2006-2014 A SUPREMUS GROUP venture
