HHS recently issued a final rule (the “HHS Rule”), which sets out the inflation-adjusted civil monetary penalty (“CMP”) amounts that HHS is authorized to assess for violations of HIPAA. The following adjusted CMP amounts are applicable to certain types of violations that occur after November 2, 2015, for which CMPs are assessed on or after August 8, 2024:
|
|
|
Prior Amount |
Adjusted Amount |
|
Violations under a “did not know/would not have known through exercising reasonable diligence” standard |
Minimum: Maximum: Calendar Year Cap: |
$137 $68,928 $2,067,813 |
$141 $71,162 $2,134,831 |
|
Violations under a “reasonable cause/not willful neglect” standard |
Minimum: Maximum: Calendar Year Cap: |
$1,379 $68,928 $2,067,813 |
$1,424 $71,162 $2,134,831 |
|
Violations under a “willful neglect” standard, with timely correction |
Minimum: Maximum: Calendar Year Cap: |
$13,785 $68,928 $2,067,813 |
$14,232 $71,162 $2,134,831 |
|
Violations under a “willful neglect” standard, with untimely correction |
Minimum: Maximum: Calendar Year Cap: |
$68,928 $2,067,813 $2,067,813 |
$71,162 $2,134,831 $2,134,831 |
These monetary penalties can be significant. Plan sponsors are advised to assess the compliance of their group health plans with the HIPAA requirements and to take any required remedial action before penalties are assessed for a violation.
The HHS Rule is available here.