HIPAA Penalties Changed

Posted by BAS - 23 May, 2019


The U.S. Department of Health and Human Services (HHS) recently changed its application of civil money penalties under HIPAA. Under the Health Information Technology for Economic and Clinical Health Act (HITECH), there are four separate penalty tiers for electronic data violations. HHS set minimum and maximum penalty amounts for violations in each tier, with an across-the-board limit of $1.5 million for all four penalty tiers. The new HHS approach reduces the maximum penalty based on the severity of the violations. The dollar limits for violations of identical provisions of HITECH in a calendar year will be the following:

  • Tier 1—Person did not know and, exercising reasonable diligence, would not have known of a violation: $25,000
  • Tier 2—Violation was due to reasonable cause and not willful neglect: $100,000
  • Tier 3—Violation was due to willful neglect and was timely corrected: $250,000
  • Tier 4—Violation was due to willful neglect and was not corrected: $1.5 million

Topics: MyEnroll360 Security

