Enforcement

In order to enforce regulations, penalties are included as part of the package. There are two type of potential penalties; civil and criminal. Failure to comply with HIPAA, failure to protect PHI, and misuse of PHI are all examples of non-compliance. The penalties range from $100 per violation to 10 years in prison. It is unclear what violations will result in penalties.

The Office of Civil Rights (OCR) is the governmental enforcement agency for the HIPAA Privacy Rule. It is unclear how the OCR will choose to enforce the Privacy Rule but the OCR did indicate that initially it would be a complaint-driven process. The OCR website has more information about the OCR plans and the Regional offices responsible for enforcement.

.

.