Find the right lawyer now

Violation of Health Information Privacy

Find a Local Personal Injury Lawyer near You

Health Information Privacy Violations: What Is HIPPA?

HIPAA stands for the Health Insurance Portability and Accountability Act. Enacted in 1996 under President Clinton, the HIPAA has a privacy section which regulates the use and disclosure of patient health information, including health status, health insurance and health related payments. Entities covered by the HIPAA cannot disclose patient information except for certain reasons and only under certain conditions.

What Entities Are Covered By the HIPAA?

The HIPAA applies to the following entities:

  • Health insurers
  • Medical service providers
  • Employer sponsored plans,
  • Health care facilities
  • Any independent contractors employed by the entities listed.

What Reasons Would Allow Entities to Disclose Information?

Entities covered by the HIPAA can disclose information for the following reasons:

  • Upon the request of the patient, within 30 days
  • If required by the law, such as for suspected child abuse
  • If necessary to facilitate the treatment or the payment of treatment on behalf of the patient

Covered entities cannot disclose information for any other reason without the prior written consent of the patient.

What Is the Penalty for Violating the Privacy Regulations of HIPAA?

An entity that violates the privacy requirements of HIPAA is subject to criminal and civil penalties, including: 

  • Civil monetary penalties up to $100 per violation up to $25,000 per year for each violation
  • Criminal penalties ranging as high as $250,000 and 10 years in prison if the violation was committed with intent to use the private medical information for commercial gain and/or malicious harm

What Can I Do if My Privacy Rights under HIPAA Have Been Violated?

If you believe that an entity has inappropriately used or disclosed your private health information, you may file a direct complaint with the United States Department of Health and Human Services' Office for Civil Rights (OCR). The OCR will investigate the matter and impose civil penalties if appropriate. Criminal violations of the law will be referred to the U.S. Department of Justice. 

Do I Need a Lawyer Experienced with HIPAA Laws?

The HIPAA laws can be quite complicated, and penalties for violating a patient's privacy rights under HIPAA carry serious criminal charges and civil damages. An attorney can explain the law to you and ensure that you are in compliance with HIPAA's privacy requirements.

If you feel your rights have been violated under HIPAA, you may want to consult an attorney. Your attorney can advise you of your rights, help you file complaint against the specific agency that violated your privacy through illegal use of your records, and let you know if you may be entitled to any remedies.

Photo of page author Peter Clarke

, LegalMatch Content Manager

Last Modified: 07-29-2014 03:15 PM PDT

Law Library Disclaimer
  • No fee to present your case
  • Choose from lawyers in your area
  • A 100% confidential service
What is LegalMatch?

We've helped more than 4 million clients find the right lawyer – for free. Present your case online in minutes. LegalMatch matches you to pre-screened lawyers in your city or county based on the specifics of your case. Within 24 hours experienced local lawyers review it and evaluate if you have a solid case. If so, attorneys respond with an offer to represent you that includes a full attorney profile with details on their fee structure, background, and ratings by other LegalMatch users so you can decide if they're the right lawyer for you.