Noncompliance with government regulations can occur simply by lack of understanding the finer points of those regulations. For example, it’s simply impossible for a quick read of ERISA to give you all the information you need to avoid HIPAA noncompliance penalties. In this article, we will examine how consulting with ERISA counsel can give you the in-depth information you need.

Top HIPAA Noncompliance Issues

Like many government programs, ERISA consists of various individual programs, extensive regulations – and stiff penalties for noncompliance. As part of ERISA, HIPAA is intended to keep a patient’s protected health information, or PHI, from being misused or inappropriately disclosed.

Some of the most common types of HIPAA compliance issues include:

  • Impermissible uses and disclosures of protected health information;
  • Lack of safeguards of protected health information;
  • Lack of patient access to their protected health information;
  • Lack of administrative safeguards of electronic protected health information.
  • Use or disclosure of more than the minimum necessary protected health information.

Specific acts range from accidental disclosure of a few people’s protected health information to massive data breaches exposing patients’ confidential medical records.

Penalties for HIPAA Noncompliance

The Office for Civil Rights (OCR) oversees HIPAA compliance, assessing penalties and fines as needed. However, voluntary compliance generally is the preferred method of dealing with HIPAA violations.

Penalties and fines for noncompliance with HIPAA may be based on the type and severity of the HIPAA violation. Fines range from $100 to $50,000 per violation or per record, with an annual cap of $1.5 million. In addition, criminal charges may be filed against egregious violations. Top 2018 HIPAA fines range from

$111,000 for failing to block former employee’s access to electronic PHI (Pagosa Springs Medical Center)


$16 million for the largest health data breach thus far (Anthem).

The best way to avoid having penalties and fines assessed for HIPAA violations is to ensure HIPAA compliance. At the beginning of this article, we noted how extensive HIPAA regulations are. It’s easy to miss something, which is one reason it is so important to have experienced, knowledgeable ERISA counsel to develop a robust HIPAA legal compliance paradigm to avoid costly and time-consuming HIPAA penalties.

Talk to Experienced ERISA Counsel Today

Failing to comply with HIPAA can lead to devastating penalties. Consulting with ERISA counsel can help you avoid HIPAA noncompliance.