February 28, 2020

February 28, 2020

Subscribe to Latest Legal News and Analysis

February 27, 2020

Subscribe to Latest Legal News and Analysis

February 26, 2020

Subscribe to Latest Legal News and Analysis

HHS Decreases Maximum HIPAA Penalties

The Department of Health and Human Services has announced that it is lowering the maximum amount it will assess for most types of HIPAA violations. Although the change is couched as an exercise of discretion, HHS states that it is basing the modifications on a change in its interpretation of the penalty provisions set forth in the Health Information Technology for Economic and Clinical Health Act (HITECH) Act.

The practical effect of these modifications will depend on the extent to which HHS seeks to impose penalties on covered entities and business associates for offenses that did not result from willful neglect and that have not been appropriately corrected. The change in penalties does not alter the basic advice to health care providers and health plans: continue to maintain appropriate safeguards against violations of HIPAA’s privacy and security rules and take prompt action in the event of a breach.

As revised, the maximum annual penalty that HHS will assess for any type of HIPAA violation will vary with the entity’s culpability. Previously, this variation applied only to the minimum penalty for each particular violation.

Civil Monetary Penalties

Nature of Offense

Prior Penalty Limits

New Penalty Limits

Did not know and by exercising reasonable diligence would not have known of violation

$100 to $50,000 per violation

Up to $1.5 million per type per year

$100 to $50,000 per violation

Up to $25,000 per type per year

Violation due to reasonable cause

$1,000 to $50,000 per violation

Up to $1.5 million per type per year

$1,000 to $50,000 per violation

Up to $100,000 per type per year

Willful neglect but corrected problem

$10,000 to $50,000 per violation

Up to $1.5 million per type per year

$10,000 to $50,000 per violation

Up to $250,000 per type per year

Willful neglect but did not correct problem

$50,000 per violation

Up to $1.5 million per type per year

$50,000 per violation

Up to $1.5 million per type per year

 

Copyright © by Ballard Spahr LLP

TRENDING LEGAL ANALYSIS


About this Author

Edward I. Leeds, Philadelphia attorney, Ballard Spahr Law firm, Employee Benefits and Executive Compensationattorney
Counsel

Edward I. Leeds concentrates on issues relating to the design, administration, and taxation of health and other welfare benefit plans. His practice has evolved with the laws and market forces that shape those plans. Mr. Leeds advises clients about compliance with the Affordable Care Act, HIPAA, HITECH, COBRA, cafeteria plan rules, and other legal requirements. He prepares clients for audits of their privacy and security measures under HIPAA and advises them about the rules governing wellness initiatives.

Mr. Leeds represents employers in the negotiation and drafting of contracts...

215.864.8419