The U.S. Department of Health and Human Services recently changed its application of civil money penalties under HIPAA. Under the Health Information Technology for Economic and Clinical Health Act (HITECH), there are four separate penalty tiers for electronic data violations. HHS set minimum and maximum penalty amounts for violations in each tier, with an across the board limit of $1.5 million for all four penalty tiers. The new HHS approach reduces the maximum penalty based on severity of the violations. The dollar limits for violations of identical provisions of HITECH in a calendar year will be the following dollar amounts: