The penalties for violating HIPAA rules are severe: they range from $100 to $50,000 per violation (or per record), up to a maximum of $1,500,000 per year, and can carry criminal charges that could result in jail time. They are incurred if more than 500 records of PHI (or ePHI, Electronic Personal Health Information) are released to the public in unencrypted form.
The fines and charges are broken down into 2 major categories: “Reasonable Cause” and “Willful Neglect”. Within each category, there are 2 tiers.
Reasonable Cause ranges from $100 to $50,000 per incident (release of 500 medical records) and does not involve any jail time.
Willful Neglect ranges from $10,000 to $50,000 for each incident and can result in criminal charges.