Penalties for Non-Compliance
Law 42 USC 1320d-6 (HIPAA Sec.1177) outlines penalties for violating privacy and security standards.
Penalties may be civil or criminal and may be sanctioned in the form of fines or incarceration.
Violation of transaction standards will be up to $100 per person per violation to a maximum of $25,000 per calendar year. A 30 day grace period can be granted if not of willful neglect.
Additionally, the disclosure or obtaining of PHI can carry criminal penalties of $50,000 and imprisonment of one year or; as high as $100,000 and imprisonment of five years; and fines of $250,000 and imprisonment for ten years for obtaining or disclosing PHI with intent to sell, transfer or use for commercial advantage, personal gain or harm.