A HIPAA violation is a failure to comply with any aspect of the HIPAA laws and regulations detailed in 45 CFR Parts 160, 162, and 164. It occurs when a covered entity or business associate violates one or more aspects of the HIPAA Privacy Rule, Security Rule, or Breach Notification Rule. The Department of Health and Human Services Office for Civil Rights (OCR) is responsible for the text of all published HIPAA regulations. There are 115 pages of regulations related to HIPAA standards.

Unlike civil violations, criminal violations are handled by the Department of Justice rather than OCR. Criminal violations may also result in jail time. A judge decides the HIPAA criminal penalties based on the circumstances of each case. The three tiers build on one another: everything involved in tier one is also involved in tiers two and three, and everything involved in tier two is also involved in tier three. If this sounds confusing, that's OK. Here is a visual to help explain HIPAA criminal penalties.