Four Tiers Of HIPAA Violations

According to Furrow et al. (2013), when healthcare organizations and providers fail to comply with HIPAA rules, it can result in civil and criminal penalties. The ARRA created a structure of four tiers of civil penalties for HIPAA violations, and the Secretary of the DHHS has discretion in determining the penalty. For example, tier 1 penalties apply to violations due to reasonable cause and not due to willful neglect. In other words, the healthcare organization is unaware of the HIPAA violation. In this situation, the minimum penalty is $100 per violation, with an annual maximum of $25,000 for repeat violations (Furrow et al., 2013). Tier 2 penalties apply to violations for reasonable cause, but not willful neglect. In this situation,