There Are Penalties
Both criminal and civil penalties for:
- Failure to comply with HIPAA requirements
- Knowingly or wrongfully disclosing or receiving individually identifiable health information
- Obtaining information under false pretences
- Obtaining information with intent to:
- Sell or transfer it
- Use if for commercial advantage
- Use if for personal gain
- Use if for malicious harm
It is important to know that there are penalties for failure to meet the requirements of the privacy regulations or inappropriately disclosing or receiving confidential health information. Penalties can be either criminal or civil and can result in either monetary fines, imprisonment, or both. Monetary penalties range from $100 to $100,000 depending with imprisonment up to 10 years depending on the severity. The penalties become more severe when information is obtained under false pretenses or information is obtained with the intent to sell or transfer it, or use it for commercial gain, personal gain, or for malicious harm.
Both institutions and individuals can be held liable for breaches in privacy--the penalties do not just apply to an organization.