HIPAA violation penalties for nurses who breach HIPAA Rules have different levels of severity, based on the level of negligence that occurred. There are four tiers of potential HIPAA violation penalties for nurses, ranging from unknowing violations to deliberate neglect of HIPAA Rules.
The smallest fines are $100 per violation for tier 1, $1,000 per violation for tier 2, $10,000 per violation for tier 3, and $50,000 per violation for tier 4. The penalty amounts are decided by the Department of Health and Human Services, or by state attorneys general when they issue penalties for HIPAA breaches.
What is the Highest Possible HIPAA Violation Penalty for Nurses?
The highest possible penalty for a single case of a HIPAA violation is $50,000 per violation or per record, with an annual maximum fine of $1.5 million per violation category.
Serious violations of HIPAA Rules can result in criminal charges for HIPAA violations, and along with financial penalties, jail time is possible. Criminal violations of HIPAA Rules are dealt with by the U.S. Department of Justice.
Nurses who deliberately obtain or disclose individually identifiable protected health information can be inflicted with a fine of up to $50,000 and up to 12 months in jail. If an offense is committed under false pretenses, the criminal penalties increase to a fine of up to $100,000 and up to 5 years jail time. If there is intent to sell, transfer, or illegally use PHI for personal profit, commercial advantage, or malicious harm, the maximum penalty is a fine up to $250,000 and up to 10 years jail time.
When it can be shown that there has been aggravated identity theft, the Identity Theft Penalty Enhancement Act necessitates a mandatory minimum prison term of two years.