The need for HIPAA compliance
HHS takes HIPAA compliance very seriously. It enforces HIPAA requirements aggressively and hands down stiff financial penalties according to a four-tier system.
Accidental, low-impact HIPAA violations are eligible for a $100 fine per violation, with an annual maximum of $25,000.
For higher impact violations, fines increase to $1,000 per violation, with an annual maximum of $100,000.
HHS takes intentional neglect of HIPAA requirements very seriously. If healthcare entities correct first-time HIPAA compliance violation in a timely fashion, the fine stands at $10,000 per violation, with an annual maximum of $250,000.
Entities that willfully violate HIPAA and fail to correct the problem face a fine of $50,000 per violation, with an annual maximum of $1.5 million. Intentional violations of the HIPAA requirements for privacy, such as in a hacking attack or copying and disseminating PHI, carry fines up to $100,000 and up to 10 years in prison.