Penalties for Violating HIPAA Regulations

General Failure to Comply (Civil)

  • Each violation: $100
  • Maximum penalty for all violations of an identical requirement: $25,000.

Incidental. disclosure of individually identifiable health information

  • Knowing disclosure: $50,000, imprisonment of not more than one year or both.
  • Disclosure under false pretenses: $100,000, imprisonment of not more than 5 years or both.
  • Disclosure for profit, gain, or harm: $250,000, imprisonment of not more than 10 years or both.