What is a HIPAA Violation?

By B. Turner
Updated May 17, 2024
In 1996, the United States Congress enacted the Health Insurance Portability and Accountability Act (HIPAA), which includes provisions on health care and insurance. Part 1 of HIPAA addresses health insurance coverage, while Part 2 regulates patient privacy. Part 2 of the HIPAA Act brought about major changes in health care administration in the US, and changed the way patient health records are managed. Health care workers or other individuals who fail to follow any of these laws are guilty of a HIPAA violation, which comes with both criminal and civil penalties.

Part 2 of the HIPAA Act covers three basic tenets of patient rights, broken down into administrative, physical, and technical categories. The section on administrative rights requires all health care organizations to designate a single individual to take charge of patient privacy and to ensure that HIPAA regulations are followed. This category also covers employee training, interactions with third parties who may view patient records, and policies for handling a security breach. Companies that fail to designate an individual to manage HIPAA requirements may be guilty of a HIPAA violation, and could be subject to penalties. Any failure to implement the required administrative policies could represent an additional HIPAA violation.

In terms of physical requirements, health care organizations must provide secure locks for all patient files in order to avoid a potential HIPAA violation. The organizations must keep these files away from the public, and should ensure that access is only granted on a need-to-know basis. For example, an employee who snoops into files that he does not need to see to perform his job could be guilty of a HIPAA violation. This category also requires organizations to safely and securely dispose of files when they are no longer needed.

To avoid a technical HIPAA violation, organizations must encrypt all computer files related to patient health records. Each file must require a password for access, and only those employees who need access should be informed of the password. In some instances, each employee must be given a unique password so regulating officials can determine who accessed specific files.
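The need-to-know access rule from the physical section and the per-employee accountability from the technical section share one mechanism: an access check that decides on the individual's identity and an audit trail that records every attempt under that identity. The following is an added illustration, not code from the article or from any HIPAA guidance; the user names, record ids and care-team assignments are constructed sample data, and the `RecordStore` class and helper functions are hypothetical names chosen for the example.

```python
"""Added example: need-to-know gate plus per-user audit trail for patient records.
Not from the original article. All identities and record ids are constructed."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AccessEvent:
    """One line of the audit trail: who touched which record, and whether it was allowed."""
    timestamp: str
    user: str
    record_id: str
    allowed: bool
    reason: str


class RecordStore:
    """Need-to-know check in front of patient records (hypothetical class).

    `care_assignments` maps a record id to the set of user ids on that patient's
    care team. Every read attempt, allowed or denied, is appended to `audit_log`
    under the caller's individual identity; a shared password would collapse
    every line to the same name and make this review impossible.
    """

    def __init__(self, care_assignments: dict[str, set[str]]):
        self._assignments = care_assignments
        self.audit_log: list[AccessEvent] = []

    def read(self, user: str, record_id: str) -> str:
        allowed = user in self._assignments.get(record_id, set())
        reason = "on care team" if allowed else "not on care team"
        self.audit_log.append(AccessEvent(
            datetime.now(timezone.utc).isoformat(timespec="seconds"),
            user, record_id, allowed, reason))
        if not allowed:
            raise PermissionError(f"{user} may not read {record_id}: {reason}")
        # Placeholder payload; a real store would decrypt and return the record here.
        return f"<record {record_id}>"


def denied_attempts_by_user(audit_log: list[AccessEvent]) -> dict[str, int]:
    """Count denied reads per individual user; repeated denials are the snooping signal."""
    return dict(Counter(e.user for e in audit_log if not e.allowed))


def records_touched_by_user(audit_log: list[AccessEvent]) -> dict[str, set[str]]:
    """Distinct records each user attempted to read, allowed or not."""
    touched: dict[str, set[str]] = {}
    for e in audit_log:
        touched.setdefault(e.user, set()).add(e.record_id)
    return touched


def run_demo() -> RecordStore:
    """Constructed scenario: two clinicians read their own patients' records,
    and one clerk tries three records she is not assigned to."""
    store = RecordStore({
        "MRN-0001": {"dr.alice"},
        "MRN-0002": {"dr.alice", "nurse.bob"},
    })
    store.read("dr.alice", "MRN-0001")
    store.read("nurse.bob", "MRN-0002")
    for record_id in ("MRN-0001", "MRN-0002", "MRN-0003"):  # MRN-0003 has no care team at all
        try:
            store.read("clerk.carol", record_id)
        except PermissionError:
            pass  # denied, but the attempt is still in the audit log
    return store


if __name__ == "__main__":
    log = run_demo().audit_log
    for event in log:
        print(f"{event.timestamp} {event.user:12} {event.record_id} "
              f"{'ALLOW' if event.allowed else 'DENY '} {event.reason}")
    print("denied attempts per user:", denied_attempts_by_user(log))
```

Running the demo shows two allowed reads attributed to the clinicians and three denied attempts attributed to the clerk. The denial itself enforces need-to-know; the per-user log is what lets a compliance officer later answer the question the article raises, namely who accessed (or tried to access) which file.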

Penalties for a HIPAA violation cover both intentional and unintentional violations, including those caused by simple neglect. Civil penalties can be as high as $1.5 million US Dollars (USD) in a single year. Each basic violation could bring criminal fines of as much as $25,000 USD, and intentional misuse of records carries a prison term of up to 10 years. Penalties may be even higher for multiple violations within a specified period.

Discussion Comments

By bluespirit — On Aug 12, 2011

I had read about a Californian who received 4 months in prison and was said to have been the first person to ever go to prison for a HIPAA violation. He had gone to prison seemingly for the number of times he violated HIPAA - he had looked up something like three hundred and something different medical records!

Luckily he had not done anything with the medical records, as it seems there were also celebrities' records he had looked up, so it was thought that he might have intended to leak the news, but he had not done so.

It made me want to learn more about HIPAA to see what else it covered in patient rights for privacy.

By amysamp — On Aug 11, 2011

When I was first starting out in speech therapy school I thought my professor was a little overly cautious with the clients' information, as she took them from a school to our clinic in a locked file holder.

I quickly learned, however, about HIPAA (pronounced like you pronounce SCUBA - by saying the letters together as a word) and was appreciative of the laws when I learned about them. The laws really have the patient's privacy in their best interest.

Has anyone ever actually been sent to prison for HIPAA violations?