10. What happens if we violate the Privacy Regulations?
Violating the Privacy Regulations may result in harm to patients and to the University’s reputation. Patients do not have a private right of action in federal court under the HIPAA Privacy Regulations, but may be able to initiate breach of confidentiality lawsuits under state law. Violations of the HIPAA Privacy Regulations can result in the following civil and criminal penalties:
Civil penalties – $100 per violation, not to exceed $25,000 per person in a calendar year for multiple violations of the same requirement.
Criminal penalties – (a) Wrongful disclosure – $50,000 fine/1 year imprisonment, or both; (b) Offense under false pretenses – $100,000 fine/5 years imprisonment, or both; (c) Offense with intent to sell information – $250,000 fine/10 years imprisonment, or both.
In addition, employees who violate the Privacy Regulations and/or the University’s Privacy Policies will be subject to sanctions, up to and including termination of employment or abrogation of tenure.