Page 4 of 9 

HIPAA Regulations

What is HIPAA?

When a patient gets care, they may see doctors, nurses and other healthcare providers in several different clinics. Patient medical records and billing information are often moved from place to place or from computer to computer. Because private information about patients can be in many places, it is important to have a way to protect health information and keep it private.

The Health Insurance Portability and Accountability Act (HIPAA) is a law created in 1996 to protect patient privacy. The HIPAA Privacy Rules set limits on who has the right to use a patient’s written, spoken or electronic health information. They also describe how healthcare organizations and insurance providers must protect health information, including:

  • How to handle protected health information
  • How to share information
  • What type of information can be shared
  • With whom they can share information

What if HIPAA rules are violated?

HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time.

HIPAA violation categories and their respective penalty amounts are outlined in the chart below:

Violation                        Amount per violation   Violations of an identical provision in a calendar year
Did Not Know                     $100 - $50,000         $1,500,000
Reasonable Cause                 $1,000 - $50,000       $1,500,000
Willful Neglect - Corrected      $10,000 - $50,000      $1,500,000
Willful Neglect - Not Corrected  $50,000                $1,500,000

Source: What is the penalty for HIPAA violation

Note: This course provides only basic HIPAA information.

Your organization may ask you to complete a HIPAA training course. If you have questions about protecting patient information, ask your supervisor.
