January 17, 2020

HHS Issues 2020 Penalties for HIPAA Noncompliance

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued final rgulations adjusting civil penalties for annual inflation, including violations of the Health Insurance Portability and Accountability Act (HIPAA). These violations include those under HIPAA’s Privacy and Security Rules and are basesd on a four-tier penalty structure that increases according to level of culpability regarding the violation. These updated penalties increased from 2019 (see our previous blog for a recap) went into effect January 17, 2020, and are listed below:

Culpability
Minimum Penalty/
Violation
Maximum Penalty/
Violation
Annual Limit
Tier 1
No Knowledge; no reasonable belief to know
$119
$59,522
$1,785,651
Tier 2
Reasonable Cause
$1,191
$59,522
$1,785,651
Tier 3
Willful Neglect; but timely corrected
$11,904
$59,522
$1,785,651
Tier 4
Willful Neglect; not timely corrected
$59,522
$1,785,651
$1,785,651

Please Note: In April 2019, OCR issued a Notice of Enforcement Discretion that significantly changed these HIPAA violation penalties. For example, the Annual Limit increased from $25,000 for Tier 1 to $1,500,000 for Tier 4 (check out our previous blog for a re-cap). HHS stated it would engage in further rulemaking to lower these amounts but has yet to do so. Until then, the inflation of penalties above are based on an annual increase from the 2019 penalty structure.

 

The information and content contained in this blog post are for general informational purposes only, and does not, and is not intended to, constitute legal advice.

Browse by Category 401(k)Health & Welfare