HIPAA Fast facts



The Health Insurance Portability and Accountability Act of 1996 sets standards for maintaining the security and privacy of health information.
To comply with privacy regulations, health-care providers had to develop policies and procedures to:
Protect the privacy of health information.
Create a "notice of privacy practices" detailing how confidential health information is used and disclosed.
Provide privacy training to personnel.
Implement safeguards to protect health information from improper disclosure.
Protect the security of health information in the workplace and during its disposal.
Designate security officers.
Establish a reporting and response system for security violations.
Failure to comply with HIPAA could result in serious penalties.
Civil penalties are: $100 per violation and up to $25,000 per person for all identical violations in a calendar year.
Criminal penalties are: $50,000 fine and imprisonment for one year for knowingly obtaining or disclosing individually identifiable health information; $100,000 fine and imprisonment for five years for knowingly obtaining or disclosing individually identifiable health information under false pretenses; and a maximum fine of $250,000 and/or up to 10 years of imprisonment for obtaining or disclosing individually identifiable health information with the intent to sell, transfer or use the information for commercial advantage, personal gain, or malicious harm.
Sources: Ohio State Medical Association, U.S. Department of Health & Human Services, Centers for Medicare and Medicaid Services, Anthem Blue Cross and Blue Shield.