State Law
In general, state laws contrary to the HIPAA regulations are preempted by the federal requirements, which means the federal requirements will apply.
Enforcement and Penalties for Non-Compliance
If the employees or volunteers of a covered entity don't follow HIPAA rules, the federal government can:
- carry out an investigation
- impose fines or even jail time if they are found guilty.
Civil Penalties
Unintentional HIPAA violations might lead to financial penalties. However, Health and Human Services might not give a fine in certain cases. For instance, if the violation happened for a reasonable cause and wasn't due to intentional neglect, and if the covered entity fixed the issue within 30 days of becoming aware of it, then a penalty may not be imposed.
Criminal Penalties
If someone intentionally shares PHI without permission, sells the information, or commits other offenses using false pretenses, they could face big fines ranging from $50,000 to $250,000 and/or jail time. The U.S. Department of Justice is responsible for enforcing these criminal penalties.
Knowledge Check
Choose the best answer for the question.
3-10. What criminal penalty may result if you knowingly make an unauthorized disclosure or sell a patient's PHI?