

Understanding HIPAA and the Penalties of Noncompliance


HIPAA stands for the Health Insurance Portability and Accountability Act (1996) and it is mandatory for all applicable businesses to comply with it. However, in order to ensure perfect and continuing compliance, one must understand what the Act is about and what it represents.

The Legislation

HIPAA came into force in 1996, under the Presidency of Bill Clinton. The legislation is designed to keep the privacy of a US citizen’s medical data and associated information safe from unauthorized access. To classify, categorize, and define the security and privacy standards in relation to patient information, the Health Insurance Portability and Accountability Act has been further divided into five Titles (HIPAA Title I – V).

Since medical data retrieval is an important process for many business segments, including but not limited to health insurance, health care clearinghouses, and healthcare providers, a brief look through the five Titles of the HIPAA Act and the penalties associated with each kind of noncompliance is essential for every business that must adhere to HIPAA.


Title I

Protects people who are unemployed, fired, or between jobs from discrimination by health insurance providers. It also prevents insurers from refusing a citizen’s right to get health insurance, even if they have a pre-existing condition.


Title II

Protects citizens against unauthorized access to electronic health records (EHR). The United States Department of Health and Human Services is in charge of standardizing, updating, and tracking HIPAA compliance and noncompliance throughout the nation.


Title III

Details the guidelines in regard to:

  1. Pre-tax medical spending accounts
  2. Changes made in US health insurance laws
  3. Tax deductions in respect of the patient’s medical insurance coverage


Title IV

Details the guidelines in regard to:

  1. Group health insurance plans
  2. Updates and modifications to insurance coverage


Title V

Details the guidelines in regard to:

  1. Privately owned or company-owned life and health insurance plans
  2. Treating non-US citizens on US soil
  3. Treating former US citizens whose citizenship was revoked on account of income tax violations

Repercussions of Non-Compliance

HIPAA is regulated by the Department of Health and Human Services (HHS), and failure to comply with any of the HIPAA rules will have consequences for the offender. Depending on the particular offense, its severity, and the situation under which the violation occurred, the US Office for Civil Rights (OCR) can levy any of the following penalties.

First-Tier Penalties

A First-Tier penalty is incurred by parties who were proven to be unaware of the breach. They are fined $100 – $50,000 for each individual incident of non-compliance. The annual cap is set at $1.5 million.

Second-Tier Penalties

Second-Tier penalties also have a $1.5 million cap but start out more expensive, at $1,000 – $50,000 per incident of non-compliance. These penalties are levied on parties that had, or should have had, knowledge of the breach in question.

Third-Tier Penalties

Capped again at $1.5 million, Third-Tier penalties start out 10 times more expensive than Second-Tier penalties ($10,000 – $50,000 per incident). They apply to parties that are guilty of wilful neglect but took action to rectify the breach within 30 days.

Fourth-Tier Penalties

The fourth and costliest tier of HIPAA violation penalties begins at $50,000 per incident but, under normal circumstances, does not cross the $1.5 million cap. On the receiving end of a Fourth-Tier penalty are those that wilfully neglected the breach and did not take any action to correct their HIPAA compliance position within 30 days.

The problem with EHR (HIPAA Title II) compliance is that the rules change often. It is therefore extremely important for every insurance provider and healthcare provider to work closely with in-house or outsourced EHR specialists and HIPAA-compliant medical data retrieval companies.