The Privacy Rule was published in the Federal Register on December 28, 2000. The U.S. Department of Health and Human Services (HHS) enforces it through its Office for Civil Rights (OCR). The consequences of failing to comply with HIPAA's privacy, security and breach notification requirements range from the cost of an investigation and of taking corrective action as part of an informal resolution to significant civil and criminal penalties imposed by HHS through OCR. Civil penalties range from $110 to $55,010 per violation (with a cap of $1,650,300 for violations of an identical provision within a calendar year); these amounts are adjusted for inflation, so the figures in force at any given time should be checked against the current HHS schedule. Criminal penalties include imprisonment of up to one year and fines of up to $50,000 for knowing violations of the HIPAA privacy, security or breach notification rules, with significantly higher penalties if the offense is committed under false pretenses or for commercial advantage, personal gain or malicious harm.
The privacy regulation has three major purposes:
- To protect and enhance the rights of consumers by providing them access to their health information and controlling the appropriate use of that information;
- To improve the quality of health care in the United States by restoring trust in the health care system among consumers, health care professionals and the many organizations and individuals committed to the delivery of health care; and
- To improve the efficiency and effectiveness of health care delivery by creating a national framework for health privacy protection.
- Updated 07/28/21
The following resources provide information about the Privacy Rule, as well as about other provisions of HIPAA.
Relevant Web Sites
- Department of Health and Human Services - Office for Civil Rights - Responsible for enforcing compliance with the Privacy Rule.
- Department of Health and Human Services - Administrative Simplification - Contains other information on the administrative simplification requirements of HIPAA.
- American Health Information Management Association - The association for health information professionals.
- Department of Health and Human Services - Model compliance extension form, frequently asked questions, links to other HIPAA sites, and information on regulations and the law are located here.
- FREE Video - CMS' "Meeting the HIPAA Challenge: Implementing the Administrative Simplifications of HIPAA." For a free copy, e-mail your request to CMS.
- FREE Information - https://www.federalregister.gov/ - Review proposed or final rules on HIPAA that have been published in the Federal Register. The Federal Register is the daily journal in which federal agencies publish proposed and final rules, including the regulations that implement a statute such as HIPAA.
- CMS E-Mail box - Send your questions on HIPAA administrative simplification to CMS by e-mail. Privacy-related questions should be directed to OCR by e-mail or by calling (toll-free) (866) 627-7748.
- News for All Fee-For-Service (FFS) Medicare Providers