Statute of Limitations for Penalties for HIPAA Violations

The Health Insurance and Portability and Accountability Act (HIPAA) regulates privacy and the exchange of information between insurance companies, health care organizations and the public. Breaches of HIPAA’s regulations are punishable by fines. However, like most civil matters, HIPAA violations have a statute of limitations after which a victim of a HIPAA violation can no longer seek restitution. If you have any questions regarding HIPAA violations or statutes of limitations, contact an attorney.

The statute of limitations for HIPAA violations is six years.

The penalties for HIPAA violations are divided by their four corresponding violation types. The first is that an individual violates HIPAA regulations, but did not understand that he was violating the terms of HIPAA. The penalty for the first type of violation is a fee of $100 to $50,000 (as of August, 2010). The second type of violation is that the individual violated HIPAA with reasonable cause. This type of violation carries a penalty of $1,000 to $50,000 per violation. The third and fourth types of violations involve willful neglect. If these is willful neglect but the violation is corrected within the required time period, then the penalty is $10,000 to $50,000 per violation. If there is willful neglect but the violation is not corrected, then the penalty is a set $50,000 per violation.

Some examples of HIPAA violations are: posting of medical records on the internet without consent; releasing more information than was consented; releasing information to employers without consent; releasing or selling medical information to the press; accidentally leaking information, such as to a partner or child; and releasing medical information accidentally because of the weakness of a security system.

Read More: Examples of HIPAA Regulation Violations