Not all HIPAA violations are created equal. Different types of behavior lead to different penalties, including fines. It helps to know how fines escalate and how that pattern has been borne out in real life so far.
The American Medical Association's official website features a table to help practices see how penalties accrue and which offenses are liable for the most severe punishments. The minimum and maximum rates, according to this source, depend on the user's intent and how the violation occurred. The more intentional the action, the higher the minimum fine is.
For example, a violation by a person who acted in good faith and had no way of knowing they were violating HIPAA can incur a fine as low as $100. On the other end of the spectrum, a violation that was both deliberate and uncorrected starts at $50,000 and can reach a maximum of $1.5 million per year.
Over the years, the industry has seen increasingly high fees. Diagnostic Imaging recently reported on the Tenet Healthcare case, which actually began before HIPAA and resulted in a case of more than $32 million. Another, more recent example is Triple S Insurance, a target that had to pay nearly $7 million.
With more experience and guidance, practices will be able to fix any possible risks in their records systems before a problem takes place. An outside consultant with expertise in these matters will be a valuable asset in addressing particular breaches correctly and preventing any existing flaws from getting worse. As the table shows, negligence is one of the key factors that drive up the rates of fees.