As per the Inflation Adjustment Act, the U.S Department of Health and Human Services took into account the inflation rate when issuing civil monetary penalties for HIPAA violations, hence, higher penalties are to be expected now.
Since the final rule became effective last November 5, 2019, HIPAA violations that transpired from February 18, 2009 are issued higher civil monetary penalties. The new penalty framework is detailed in the following table. It shows the penalty tier, the level of culpability, the minimum and maximum penalty per violation in 2018 to 2019 and the new maximum penalty per violation.
| Tier | Level of culpability | Minimum penalty per violation 2018 to 2019 | Maximum penalty per violation 2018 to 2019 | New maximum penalty per violation 2018 to 2019 |
| 1 | No Knowledge | $114.29 » $117 | $57,051 » $58,490 | $1,711,533 » $1,754,698 |
| 2 | Reasonable Cause | $1,141 » $1,170 | $57,051 » $58,490 | $1,711,533 » $1,754,698 |
| 3 | Willful Neglect – Corrective Action Taken | $11,410 » $11,698 | $57,051 » $58,490 | $1,711,533 » $1,754,698 |
| 4 | Willful Neglect – No Corrective Action Taken | $57,051 » $58,490 | $1,711,533 » $1,754,698 | $1,711,533 » $1,754,698 |
Penalty charges for HIPAA violations that happened before February 18, 2009 have gone up to $159 per violation, having a yearly cap of $39,936 for each violation category.
At the beginning of this year, the HHS’ Office for Civil Rights announced lower penalties for HIPAA violations in selected tiers following a re-evaluation of the phrasing of the HITECH Act. There is no change in the highest tier’s maximum penalty for a HIPAA violation, which is still $1.711 million, for each violation category per year. Before the re-evaluation, the maximum HIPAA violation penalty for all tiers was $1.711 million.
*The April 20, 2019 announcement of the notice of enforcement discretion assigned the maximum annual penalties of $10,000 for Tier 1, $100,000 for Tier 2, $250,000 for Tier 3, and $1,711,533 for Tier 4. The notice of enforcement discretion mentioned that the evaluated penalty tiers will likewise be changed in accordance with inflation. OCR used the multiplier to compute the cost-of-living increases according to the 1.02522 Consumer Price Index for all Urban Consumers (CPI-U) in October 2019. Thus, the new maximum penalties now are $25,630.5 for Tier 1, $102,522 for Tier 2, $256,305 for Tier 3, and $1,754,698 for Tier 4.
Although OCR’s notice of enforcement discretion says that OCR is going to adopt the new, adjusted penalties, this is not yet official and is awaiting further rulemaking. There is no legal obligation and no legal rights yet according to the notification of enforcement discretion. Therefore OCR could legally issue the above-mentioned
The Federal Register for all agencies, including the FDA, HRSA, ACF, AHRQ, CMS, OIG, and OCR have published the complete details of the new penalty structure in this (PDF).
