Proposed Standards for Privacy of Individually Identifiable Health Information. Enforcement


  • Under HIPAA, the Secretary is granted the authority to impose civil monetary penalties against those covered entities which fail to comply with the requirements of this regulation.
  • HIPAA also established criminal penalties for certain wrongful disclosures of protected health information. These penalties are graduated, increasing if the offense is committed under false pretenses, or with intent to sell the information or reap other personal gain.
  • Civil monetary penalties are capped at $25,000 for each calendar year for each standard that is violated.