Privacy and client confidentiality are the bedrock of your business.  That’s why it’s critical that you understand HIPAA legislation and abide by it.  It’s a lot to get and keep a handle on, and you sometimes worry that you’re overlooking something, no matter how hard you study and try to understand HIPAA compliance regulations.  After all, you don’t know the answer to the question, “Can an office manager be sued for a HIPAA violation?”

What if it was just an oversight?

It’s important information for you to nail down.

The Health Insurance Portability and Accountability Act, also known as HIPAA, became United States law in 1996 under President Bill Clinton. The act sets privacy and security mandates for data to ensure the protection and safe transmission of patient medical records. Under this law, all medical practices – regardless of sector – are required to comply with the regulations outlined in the act. Failure to do so is a breach of federal law and carries severe penalties.

What are the penalties for HIPAA compliance infractions?

Can you, an office manager, be sued for a HIPAA violation – even an unintentional one?

Feel in over your head trying to understand HIPAA regulations? Could you use a helping hand? Contact healthcare IT professionals Blue Star at (574) 975-0767. We specialize in HIPAA compliance and are ready to get to work for you.

HIPAA compliance is a complicated issue, for sure.  Here are some key things to understand if you think you may have accidentally violated HIPAA regulations:

What exactly does this mean?  Under HIPAA, there is no provision for an individual to sue an office manager for HIPAA violation – either real or perceived. In regard to HIPAA, for an individual to pursue a private lawsuit against an office manager, they must first look to state law to see if there are any allowances at the state level to permit this.   In essence, this means that it is highly unlikely that you can or will be sued for a HIPAA violation by a patient.  However, the current legal landscape is changing, and this is not a simple issue.

  • There is another avenue for formal complaints.

Though an office manager or business cannot be directly sued for damages under HIPAA, it is within the patient’s rights to file a formal complaint with the United States Department of Health and Human Services Office for Civil Rights, also known as OCR. Historically, pursuing litigation through OCR has yielded court orders for future compliance rather than criminal proceedings or civil damages. The intent is to encourage future compliance rather than to force companies to expend resources on attorney and court fees and possible damages. But…times, they are a-changing.

To date, there have been very few compliance complaints filed with OCR – largely because the results are not within the scope of what the complainant hoped for, and therefore, they opted not to follow through with their suit.

  • The federal government has hinted that the inclusion of a private right of action for HIPAA violations is forthcoming.

What does this mean for the medical office manager? Simply put, it means that lawsuits resulting from HIPAA compliance violations could very well be looming on the horizon.  What needs to be noted is that it is not the financial implications that are the most damaging to any medical practice.  Lawsuits play out in the public domain – meaning that your entire roster of patients may have access to the knowledge that in some way your office is guilty of HIPAA compliance violations.  The most dangerous thing to come out of these lawsuits is irreparable harm to your reputation.

More than that, the seriousness of this improperly disclosed data can have life-changing consequences for your patients.  Worse than a loss of a great reputation is the knowledge that you have caused harm to the people you are sworn to protect and help. Intentional or not, once out there, it cannot be changed or taken back.  The results are the same: harm to you and to your patient.

So…you may be safe from private lawsuits for compliance failures, but you will still pay the piper. OCR can and will fine you even if the violation was completely unintentional. So, when we think about the question, “Can an office manager be sued for a HIPAA violation?” we have to consider that serious financial risk can come from government fines.

The penalties for HIPAA violations can carry both civil and criminal charges.  Fines range from $100 for a first-time accidental violation to as much as 1.5 million dollars and jail time for willful neglect.

HIPAA divides the criminal penalties into three different categories:

  1. Reasonable cause or no knowledge of violation
  2. Obtaining information under false pretenses
  3. Obtaining information for personal gain or malicious intent

Any of these infractions can and will result in prison sentences for the offending party.

What does this mean for a healthcare administrator who is worried about the question, “Can an office manager be sued for a HIPAA violation?”

This means that the seriousness of HIPAA compliance cannot be overstated. Patient privacy and confidentiality are paramount. No matter how full your work days, no matter how overwhelming the compliance legislation can be, you’ve got to stay on top of HIPAA compliance procedures.

While an individual cannot sue an office manager personally for HIPAA compliance violations, there is no doubt there is a severe penalty to be paid.

So, can an office manager be sued for a HIPAA violation? 

Privately, probably not.  Federally, however, there is the very real risk of being fined along with the company you work for.

Worries about accidental HIPAA infractions keeping you awake at night?

Let the Blue Star professional healthcare IT services team take HIPAA compliance worries off your hands.  We are your expert team well versed in HIPAA regulations to keep you compliant and worry-free – 24/7.

Contact us now at (574) 975-0767 to partner with the best HIPAA compliance team, who will help you walk through a more thorough explanation in answer to the question, “Can an office manager be sued for a HIPAA violation?”

Published on 3rd October 2017 by Jon Morningstar
