HHS Revises Penalty Table For HIPAA Violations

The health sector is one of the most important sectors in every society that takes care of public health. However, the interest of personal information, as well as financial dealings in this sector, needs to be secured. The government authorities do the same in the US. The organization, HIPAA, also known as Health Insurance Portability and Accountability Act, keeps the people availing the services of the health sector protected from any breach or unfair practice of the organizations catering to public health services.

The department of health and human services makes sure that the law is enforced properly and that it protects the interest of privacy of private health information and financial dealing of the people availing medical services. Any breach of rules is regarded as punishable under law, and the same is covered under civil law violation.

Hence, like most other civil law violations. HIPAA violation also comes with a financial penalty associated with it. If an entity is found guilty, it has to pay the penalty as the punishment. There has been a penalty system existing from 1996 which has recently gone under a thorough revision keeping the inflation rates in mind. As the currency values change so should change the penalties. Hence, HIPAA violations no longer bear the same charges as before and involve a higher amount of penalty.

The Earlier Penalty Structure

The congress introduced the HIPAA law in the year 1996 when the health sector records were maintained manually and the system worked in a very different way compared to the present. However, the penalty was never decided unilaterally. Instead, it had multiple dimension attached to it, depending on the level of culpability associated with a violation, the penalty used to get decided. Hence, it followed a multi-tier system.

The first tier of the penalty referred to the violation that was committed unknowingly. The second layer of penalty was associated with violations made on reasonable ground. The third tier covered all the violations that were done on willful negligence but got corrected by the accused party within a specified time. The final tier, the fourth one, penalized those who violated the HIPAA law on accounts of willful negligence and did not make an attempt to rectify the same.

The minimum amount of penalty per violation and the maximum limit of the same depended largely on the variety of violations done. Also, there was a provision for an annual penalty that dealt with violations committed repeatedly. Taking all these varieties of penalties in the account, the range varied within $100 and $1.5 million.

Though the structure of the HIPAA violation penalty has not been changed, the amount of penalty has surely gone under a revision, which the OCR declared on November 5, 2019.

The Reason For Revision

The authorities sited inflation to be the primary reason for this revision. The penalties set years ago were no longer doing justice with changed market price levels. Owing to several economic reasons, the general price level has changed substantially over the last few years, and the economy is experiencing a completely different level of inflation these days which requires price adjustments at every level. Hence, the suggestion of penalty revision for HIPAA violation was put forward under the Inflation Adjustment Act.

It suggested a way to adjust the prevailing penalties against the market inflation rates. Hence the revised penalties reflect nothing but an inflation-adjusted amount of the penalty where the earlier amounts were taken as the base. Hence, the new set of penalties introduced by the authorities conform to the latest market standards, the face value of money, and currency rates.

The Revised Structure

The following is the revised structure of the HIPAA violation rates, which gives a clear idea of the increment at every level.

Tier No. Level of Culpability Min Penalty(per violation) Max Penalty(per violation) Max Penalty(per year)
1 Without knowledge From $114.29 to  $117 From $57,051 to $58,490 From $1,711,533 to $1,754,698
2 Reasonable Grounds From $1,141 to  $1,170 From $57,051 to  $58,490 From $1,711,533 to $1,754,698
3 Willful negligence with corrective measures From $11,410 to  $11,698 From $57,051 to $58,490 From $1,711,533 to $1,754,698
4 Willful negligence with no corrective measures From $57,051 to $58,490 From $1,711,533 to $1,754,698 From $1,711,533 to $1,754,698


The above figures reflect the change in HIPAA violation penalties from 2018 to 2019. Clearly, the change has not been uniform, and the rate of change is different for various tiers. This is so because the HITECH act revised the rates taking the inclusion of ePHI in the account as the base rates were calculated keeping the PHI standards. The inclusion of the electronic systems in keeping the health sector records has substantially changed the way of working and hence the revision required incorporation of this dimension in calculations as well.

Affordable and efficient, sepStream® provides dependable solutions for any medical field related issues. We offer a wide variety of solutions with a varying range of depth and coverage. We look forward to making every venture a success from the point of view of our customers which makes us industry leaders.