HIPAA Compliance for Employers

Friday September 03, 2010

HIPAA Employer > About HIPAA Privacy Regulations

Are There Penalties for not Complying with the Rules?

Yes. There are both civil and criminal penalties for noncompliance. Civil penalties may be assessed at $100 for each provision of the Rules violated, with an annual cap of $25,000 per person, per violated provision. Criminal penalties for knowing violations of the Rules may include monetary fines as well as imprisonment. Fines range from up to $50,000 and one year of imprisonment to up to $250,000 and up to 10 years of imprisonment. [42 USC §§ 1176, 1177.]

Who Enforces the Privacy Rule?

HHS has delegated responsibility for enforcing the Privacy Rule to the HHS Office for Civil Rights ("OCR"). OCR's enforcement regulations have not yet been published. [65 Fed. Reg. 82472.] OCR's web site, where it intends to publish enforcement information, is www.hhs.gov/ocr/hipaa.

Can a Participant or Beneficiary Sue Me for Alleged Violations of these Rules?

The Administrative Simplification Rules themselves do not provide a private right of action, meaning they do not authorize private individuals to sue covered entities, such as covered group health plans, for alleged for violations. [65 Fed. Reg. 82566, 82604.]

Nonetheless, employers might find themselves subject to private lawsuits under other theories. For example, in certain circumstances, the Administrative Simplification Rules require an employer to amend its group health plan documents. To the extent that such a group health plan is governed by ERISA, participants and beneficiaries will have the right to sue for enforcement of the plan document, including, perhaps, the amendments required by the Administrative Simplification Rules.

In addition, as noted above, state laws providing more stringent remedies are likely to apply. Those applicable state laws may provide private rights of action, and if they do, participants and beneficiaries may be able to invoke them. [65 Fed. Reg. 82582.]

Where Can I Find More Information About the Privacy Rule?

The preceding pages are excerpts from the first of 14 chapters in an extensive Privacy Manual for Employers and Health Plans. To purchase a complete copy of this manual click here.

More information about the Privacy Rule can be found at the following HHS web sites:

http://www.hhs.gov/ocr/hipaa/finalreg.html

http://www.hhs.gov/ocr

Page 5 of 8
<<< Previous Page Next Page >>>

HIPAA EMPLOYER LINKS

	HIPAA Newsletter
	Online HIPAA Training
	HIPAA Privacy Workbooks
	HIPAA Security Workbooks
	HIPAA White Papers

| | | | | |

| | | |