HHS Lowers Cumulative Annual Limits for HIPAA Violations

Source - Privacy and Data Security Alert | May 2019

HHS Lowers Cumulative Annual Limits for HIPAA Violations

May 2019

The U.S. Department of Health and Human Services (HHS) has issued revised monetary-penalty limits for Health Insurance Portability and Accountability Act (HIPAA) violations by covered entities. Under the revisions, the maximum annual penalty for violations per tier of culpability would be:

Culpability	Old Annual Limit	New Annual Limit
No Knowledge	$1,500,000	$25,000
Reasonable Cause	$1,500,000	$100,000
Willful Neglect - Corrected	$1,500,000	$250,000
Willful Neglect - Not Corrected	$1,500,000	$1,500,000

While each tier is capped, an entity can violate multiple tiers depending on the circumstances of violation. Accordingly, the Office of Civil Rights (OCR) can issue penalties up to the annual limit for more than one tier.

TAKEAWAY: The revised monetary-penalty limits are consistent with the decreased enforcement activity we have seen from the OCR in the last few years.

Read the HHS Notification >>

HHS Lowers Cumulative Annual Limits for HIPAA Violations

Contacts

Alfred J. Saikali

Colman McCarthy

Kate Paine

Related

Foot Locker Obtains Summary Judgment in FCRA Class Action

West Virginia Affirms Summary Judgment for Retailer in Unfair Sales Practices Litigation

Court Denies Class Certification to Plaintiff

Honey Litigation Settled Favorably

Client Prevails in Missouri Merchandising Practices Act Case

The Price is Wrong: Amendment to the California Consumers Legal Remedies Act Requires New Price Disclosures

Class Action Decisions Published February 2024

Class Action Decisions Published January 2024

Class Action Decisions Published March 2023

Class Action Decisions Published February 2023

Explore Retail Industry