People who violate HIPAA can face both civil and criminal penalties, including fines and/or imprisonment for one to 10 years. Criminal penalties can be imposed on doctors that knowingly violates the Privacy Rule and/or disclose a patient's PHI for personal gain, false pretenses, or malicious purposes.
Unintentional mistakes will not be punished though, and enforcement rules have not even been published yet.
