Are there any penalties for not complying with the Rules?
Yes. There are both civil and criminal penalties for noncompliance.
Civil penalties may be assessed at $100 for each provision of the
Rules violated, with an annual cap of $25,000 per person, per violated
provision. Criminal penalties for knowing violations of the Rules
may include monetary fines as well as imprisonment. Fines range
from up to $50,000 and one year of imprisonment to up to $250,000
and up to 10 years of imprisonment. [42 USC §§ 1176, 1177.]
Who enforces the Privacy Rule?
HHS has delegated responsibility for enforcing the Privacy Rule
to the HHS Office for Civil Rights ("OCR"). OCR's enforcement
regulations have not yet been published. [65 Fed. Reg. 82472.] OCR's
web site, where it intends to publish enforcement information, is
www.hhs.gov/ocr/hipaa.
Can a participant or beneficiary sue me for alleged violations
of the Rules?
The Administrative Simplification Rules themselves do not provide
a private right of action, meaning they do not authorize private
individuals to sue covered entities, such as covered group health
plans, for alleged violations. [65 Fed. Reg. 82566, 82604.]
Nonetheless, employers might find themselves subject to private
lawsuits under other theories. For example, in certain circumstances,
the Administrative Simplification Rules require an employer to amend
its group health plan documents. To the extent that such a group
health plan is governed by ERISA, participants and beneficiaries
will have the right to sue for enforcement of the plan document,
including, perhaps, the amendments required by the Administrative
Simplification Rules.
In addition, as noted above, state laws providing more stringent
remedies are likely to apply. Those applicable state laws may provide
private rights of action, and if they do, participants and beneficiaries
may be able to invoke them. [65 Fed. Reg. 82582.]
Where can I find more information about the Privacy Rule?
More information about the Privacy Rule can be found at the following
web sites:
http://www.hhs.gov/ocr/hipaa/finalreg.html
http://www.hhs.gov/ocr
HIPAA Employer is the first of 14 chapters in an extensive Privacy
Manual for Employers and Health Plans.