What is the regulation or statute for?

The main goal for the Health Information Portability and Accountability Act (HIPAA) is to protect the privacy of the medical history of a person but there are also other uses for this statute. According to the Department of Healthcare Services, HIPAA was passed by Congress to provide the following (Department of Health Care Services):

Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
Reduces health care fraud and abuse;
Mandates industry-wide standards for health care information on electronic billing and other processes; and
Requires the protection and confidential handling of protected health information Who does the act protect?

The act protects everyone who is treated for any condition within the United States. This ensures that the right to privacy is enforced and that no other entity would be able to use the knowledge that they have about a person’s medical history against them or use that same knowledge to take advantage of the healthcare system.

What are the consequences for violating it?

Violating HIPAA can result in both Civil and Criminal penalties. (American Medical Association). Civil penalties are as described below:

HIPAA Violation
Minimum Penalty
Maximum Penalty
Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA
$100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation)
$50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation due to reasonable cause and not due to willful neglect
$1,000 per violation, with an annual maximum of $100,000 for repeat violations
$50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation due to willful neglect but violation is corrected within the required time period
$10,000 per violation, with an annual maximum of $250,000 for repeat violations
$50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation is due to willful neglect and is not corrected
$50,000 per violation, with an annual maximum of $1.5 million
$50,000 per violation, with an annual maximum of $1.5 million
(American Medical Association)

Criminal Penalties, on the other hand, must have proof beyond a reasonable doubt that the individual(s) who are in violation that they “knowingly” obtained the information for use. The penalties can go up to $250,000 with imprisonment for up to 10 years. (American Medical Association).

Why are laws like this good for protection?

HIPAA helps out all