Personally, I wouldn't stake my future on hoping the government doesn't notice what my hypothetical law-breaking company is doing. Or that my law-breaking unethical CEO won't lie and try to throw me under the bus if/when the company eventually gets caught.
I'll restate that I recommend OP talk to a knowledgeable lawyer to get an informed assessment of what kind of risks he/she is undertaking.
I understand the difference between odds and risk. The risk is high (assuming you use the harshest possible penalties) but the odds are infinitesimally long.
Google and find who has actually faced penalties from HIPAA violations and what those penalties were. How many serious fines/prison sentences have been handed down? Who was at fault? Were they random no-name startups?
Personally, I wouldn't stake my future on hoping the government doesn't notice what my hypothetical law-breaking company is doing. Or that my law-breaking unethical CEO won't lie and try to throw me under the bus if/when the company eventually gets caught.
I'll restate that I recommend OP talk to a knowledgeable lawyer to get an informed assessment of what kind of risks he/she is undertaking.