HHS Issues 2020 Penalties for HIPAA Noncompliance
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued final rgulations adjusting civil penalties for annual inflation, including violations of the Health Insurance Portability and Accountability Act (HIPAA). These violations include those under HIPAA’s Privacy and Security Rules and are basesd on a four-tier penalty structure that increases according to level of culpability regarding the violation. These updated penalties increased from 2019 (see our previous blog for a recap) went into effect January 17, 2020, and are listed below:
Culpability |
Minimum Penalty/
|
Maximum Penalty/
|
Annual Limit |
|
Tier 1 |
No Knowledge; no reasonable belief to know |
$119 |
$59,522 |
$1,785,651 |
Tier 2 |
Reasonable Cause |
$1,191 |
$59,522 |
$1,785,651 |
Tier 3 |
Willful Neglect; but timely corrected |
$11,904 |
$59,522 |
$1,785,651 |
Tier 4 |
Willful Neglect; not timely corrected |
$59,522 |
$1,785,651 |
$1,785,651 |
Please Note: In April 2019, OCR issued a Notice of Enforcement Discretion that significantly changed these HIPAA violation penalties. For example, the Annual Limit increased from $25,000 for Tier 1 to $1,500,000 for Tier 4 (check out our previous blog for a re-cap). HHS stated it would engage in further rulemaking to lower these amounts but has yet to do so. Until then, the inflation of penalties above are based on an annual increase from the 2019 penalty structure.
The information and content contained in this blog post are for general informational purposes only, and does not, and is not intended to, constitute legal advice.
