HIPAA Violation. The U.S. Department of Health and Human Services (HHS) may impose civil money penalties on a covered entity of up to $50,000 for failure to comply with a provision in the Privacy, Security, and Breach Notification Rules, with maximum annual limits for violations of identical provisions, which are set forth at 42 U.S.C. 1320d-5(a). A person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA faces criminal penalties ranging from $50,000, up to one-year imprisonment, or both, to, in circumstances where the wrongful conduct involves the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, up to $250,000, up to ten years imprisonment, or both Criminal enforcement is conducted by the Department of Justice.
Appears in 4 contracts
Samples: Trading Partner Agreement, Trading Partner Agreement, omb.report
