HIPAA Violation Types and Penalty Structure

Civil money penalties (CMPs) are penalties that HHS imposes on a covered entity that has HIPAA violations. The penalty structure is tiered, based on the knowledge the covered entity had of the violation.

| HIPAA Violation | Minimum Penalty | Maximum Penalty |
|---|---|---|
| Unknowing | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
| Reasonable Cause | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| Willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| Willful neglect and is not corrected within required time period | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million |
