Penalties for Non-compliance
Civil Monetary Penalties:
- $100 per violation
- Capped at $25,000 for each calendar year for each requirement or prohibition that is violated
- Enforced by Office for Civil Rights
Criminal Penalties for Certain Violations:
- Greater penalties for knowing violations of rule
- Up to $50,000 fine and 1 year imprisonment for knowingly obtaining or disclosing individually identifiable health information
- Up to $100,000 & 5 years imprisonment if done under false pretenses
- Up to $250,000 & 10 years imprisonment if done with intent to sell, transfer, or use for commercial advantage, personal gain or malicious harm
- Enforced by U.S. Department of Justice
In cases of non-compliance, disciplinary actions are based partially upon which personnel system the employee is in. Progressive discipline based on the appropriate Personnel Systems will be used.
- Civil Service employees may face sanctions up to and including termination from Federal Civil Service
- Commissioned Officers may face sanctions to include recommendation for termination of commission
- Employees may be held individually accountable under the Privacy Rule
Return to About HIPAA Regulations
|