Saturday, January 11, 2020

CMS Blue Button 2.0 Coding Bug Exposed PHI of 10,000 Medicare Beneficiaries

If you kill one person you are a murderer; if you kill a few thousand you are a general or a president.

In my experience a physician had to pay a fine of $5000 and bear legal costs of about 45000 for a single inadvertent HIPAA violation.
Who is going to pay for this?

The Blue Button platform is used by Medicare beneficiaries to authorize third-party applications, services, and research programs to access their claims data. A CMS identity management system verifies user credentials through a randomly generated unique user ID, which ensures the correct beneficiary claims data is shared with the correct third-party applications.
The CMS discovered that a coding bug was causing Blue Button 2.0 to truncate a 128-bit user ID to a 96-bit user ID. A 96-bit user ID is not sufficiently random and, as a result, the same truncated user ID was assigned to different beneficiaries. That meant that some of the beneficiaries with the same truncated user ID in the identity management system had their claims data passed to other users and applications via Blue Button 2.0.
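The failure mode described above, modelled as an added example (not CMS or Blue Button code): a store that silently truncates IDs on write next to one that checks length and uniqueness, plus an audit that groups full IDs by truncated prefix. The class names, the in-memory dict, the constructed sample IDs and the assumption that the trailing 32 bits were the ones dropped are all hypothetical.

```python
import secrets
from collections import defaultdict

ID_BYTES = 16         # 128-bit user ID, as described in the article
TRUNCATED_BYTES = 12  # 96 bits; assumes the trailing 32 bits were dropped

class BuggyStore:
    """Hypothetical identity store that truncates the ID before keying on it."""
    def __init__(self):
        self.owner_by_id = {}
    def register(self, user_id: bytes, beneficiary: str) -> None:
        # Defect: key is cut to 96 bits and an existing entry is overwritten.
        self.owner_by_id[user_id[:TRUNCATED_BYTES]] = beneficiary
    def lookup(self, user_id: bytes) -> str:
        return self.owner_by_id[user_id[:TRUNCATED_BYTES]]

class CheckedStore:
    """Same store, rejecting wrong-length IDs and refusing duplicate keys."""
    def __init__(self):
        self.owner_by_id = {}
    def register(self, user_id: bytes, beneficiary: str) -> None:
        if len(user_id) != ID_BYTES:
            raise ValueError(f"user ID is {len(user_id) * 8} bits, expected 128")
        if user_id in self.owner_by_id:
            raise KeyError("user ID already assigned to another beneficiary")
        self.owner_by_id[user_id] = beneficiary
    def lookup(self, user_id: bytes) -> str:
        return self.owner_by_id[user_id]

def audit_truncation(full_ids):
    """Return {prefix: [ids]} for full IDs that collide once cut to 96 bits."""
    groups = defaultdict(list)
    for uid in full_ids:
        groups[uid[:TRUNCATED_BYTES]].append(uid)
    return {p: ids for p, ids in groups.items() if len(ids) > 1}

def constructed_colliding_ids():
    """Two constructed 128-bit IDs that differ only in the last 32 bits."""
    prefix = secrets.token_bytes(TRUNCATED_BYTES)
    return prefix + b"\x00\x00\x00\x01", prefix + b"\x00\x00\x00\x02"

def demo():
    id_a, id_b = constructed_colliding_ids()
    buggy, checked = BuggyStore(), CheckedStore()
    for store in (buggy, checked):
        store.register(id_a, "beneficiary-A")
        store.register(id_b, "beneficiary-B")
    # Buggy store resolves A's ID to B's record; checked store keeps them apart.
    return buggy.lookup(id_a), checked.lookup(id_a)

if __name__ == "__main__":
    print(demo())
```
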

