:mad: What is the monetary penalty for a facility that has violated HIPAA?:confused:

Per section 1177 of HIPAA, a person who knowingly

uses a unique health identifier, or causes one to be used;
obtains individually identifiable health information relating to an individual; or
discloses individually identifiable health information to another person;is in violation of HIPAA regulations. Such persons are subject to the following penalties:
A fine of up to $50,000, or up to 1 year in prison, or both; (Class 6 Felony)
If the offense is committed under false pretenses, a fine of up to $100,000, up to 5 years in prison, or both; (Class 5 Felony)
If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine up to $250,000, or up to 10 years in prison, or both. (Class 4 Felony)
HIPAA also provide for civil fines to be imposed by the Secretary of DHHS "on any person" who violates a provision of it. The maximum is $100 for each violation, with the total amount not to exceed $25,0000 for all violations of an identical requirement or prohibition during a calendar year. (Class 3 Felony)