How Much Does HIPAA Non-Compliance Cost?

by | May 6, 2015

The Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) reqiores that all covered bodies put in place the appropriate administrative, physical and technical safeguards to keep PHI secure. Failure to adopt those basic minimum standards can lead to more than a fine from the Department of Health and Human Services’ Office for Civil Rights (OCR). The cost of HIPAA non-compliance is high.

Since the HIPAA Enforcement Act, the OCR has been able to fine organizations that fail to implement the proper security measuresto protect healthcare data and the privacy of patients. Fines of up to $1.5 million can be applied for HIPAA violations, with that number made larger by the number of years each violation has been allowed to persist.

Multimillion dollar financial penalties have already been applied for non-compliance, but a HIPAA-violation penalty is one of the lower costs covered entities have to cover. Organizations experiencing even comparatively small data breaches can see the cost of a data healthcare data breach explode.

Tenet Healthcare estimated that its data breach would cost in the region of $32.5 million, while the Anthem hacking incident has been predicted to cost considerably more; conservative estimates start at $100 million.

Breach notification costs cannot be ignored. Printing and mailing millions of letters by first class mail – in addition to sending updates as further information becomes available – sees breach costs soar. The provision of credit monitoring and credit repair services must also be added to the total.

Recent research carried out by credit agency TransUnion showed that patients and health plan members may even change provider after a data violation. 65% of respondents taking part in the survey said they would think about making the change after a data breach exposed their confidential history. Civil Action lawsuits can also be taken against health plans and healthcare providers for data breaches on the grounds of negligence.


Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy