Skip to content

What Is the Average Cost of a HIPAA or OSHA Violation?

OSHA and HIPAA carry serious fines if any facility is found in violation. Here’s what you need to know about fines, how much they can cost, and what you can do to mitigate risk.

Ensuring OSHA compliance in a healthcare environment can be a daunting task, mostly because of the amount of activity and work environment settings that occur in these types of organizations. It is up to healthcare facilities to go far beyond patient and staff safety by also maintaining OSHA compliance, which is crucial to reducing not only costs, but risks to the facility itself.

For HIPAA compliance, the safety lies with protecting personal health information, or PHI. HIPAA’s privacy rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of medical records and other PHI for whatever period that such information is maintained by a covered entity, including through disposal.

OSHA and HIPAA Citations: How Much Do They Cost?

As of January 13, 2017, OSHA violations have increased significantly. Businesses and work sites are subject to periodic OSHA inspections, and employee safety complaints can also trigger OSHA inspections. These inspections may detect violations of OSHA codes that range from minor to extremely hazardous. The fees are as follows:

  • $12,675 maximum penalty per violation of serious or other-than-serious posting requirements. The fine was previously $12,471 per violation.
  • $12,675 maximum penalty per day for failure to abate, or failure to fix or improve, beyond the initial abatement date. The fine was previously $12,471 per day.
  • $126,749 maximum penalty for willful or repeat violations. The fine was previously $124,709 for repeat offenses.

For HIPAA violations, penalties depends on the level of negligence. Citations can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time.

If these parameters make you nervous, then this might be a good time to revisit your organization’s HIPAA and OSHA compliance program.

Learn From These Mistakes

According to publicly available data, these are some of the biggest HIPAA violations to date:

  1. Memorial Healthcare System in Hollywood, Fla., paid $5.5 million in 2017 to settle allegations that employees inappropriately disclosed 115,143 individuals’ data to affiliated physician office staff.
  2. Advocate Health Care Network agreed to pay $5.5 million in 2016 after an investigation showed it had failed to protect patient data, which led to the loss of 4 million patients’ information in 2013.
  3. NewYork-Presbyterian Hospital and Columbia University, both based in New York City, paid a total of $4.8 million in 2014 to settle a 2010 data breach related to their shared data network.

In October 2016, two Atlantic Drain Service Company employees were killed when the trench in which they were working collapsed. In addition to the proposed fine, OSHA cited Atlantic for 18 safety violations, including not implementing adequate trench safety measures.

Investigators with the Occupational Safety and Health Administration found 10 separate violations at Tesla, Inc., most of which carried a fine of $12,934 each.

Better complying with OSHA standards will not only keep employees and managers out of hot water, but will also save lives. Conversely, protecting patient information under the confines of HIPAA regulations keeps patients’ identities safe and maintains your credibility. Unsure of these regulations and how they pertain to you? Let Red Bags show you the way through our compliance training programs and speaking with our expert staff members. Contact us today.

You Might Also Like:

OSHA Violation

Service Areas: Long Island Medical Waste; New York City Medical Waste; Westchester Medical Waste and more!