The penalties for criminal violations of HIPAA are substantial — generally a fine of up to $50,000 and up to one year in prison. A violation of HIPAA committed under false pretenses, such as disclosing a patient’s information for a reason the provider knows to be untrue (such as disclosing a patient’s protected health information on the premise that the patient is an imminent threat to the public when the provider knows this to be false), can carry a fine of up to $100,000 and imprisonment for up to five years.
A gentle reminder for those of us in the financial services industry, especially life underwriters who deal with protected health data on a daily basis.