These penalties were indexed in November 2021, but they’re being updated effective March 17, 2022, for violations occurring on/after November 2, 2015.

Regulators also increased the price transparency penalty for hospitals from $304/day maximum fine to $5,500 per day, taking the calendar year max from $100K to over $2 million.  They also increased the $10,000 penalty for a provider’s failure to comply with the No Surprises Act to $10,622.

Assessments on/after Nov 15, 2021 Assessments on/after Nov 15, 2021
HIPAA Privacy & Security violations
  1. Unintentional violations
  2. Due to reasonable cause and not willful neglect
  3. Willful violations corrected within 30 days
  1. Minimum: $120
  2. Minimum: $1,205
  3. Minimum: $12,045
  1. Minimum: $127
  2. Minimum: $1,280
  3. Minimum: $12,794
    • Caps for each violation above
    • Unclear how these published CY caps tie into the 2019 Notice of Enforcement Discretion which should have lowered the CY caps to $25K/$100K/$250K for tiers 1/2/3 above
  • Maximum: $60,226
  • CY cap: $1,806,757
  • Maximum: $69,973
  • CY cap: $1,919,173
  1. Willful violations not corrected within 30 days
  • Minimum: $60,226
  • CY cap: $1,806,757
  • Minimum: $63,973
  • CY cap: $1,919,173
Medicare Secondary Payer (MSP) violations

  1. Employer incenting or coercing someone not to enroll in a group health plan that would be primary to Medicare
  2. Responsible reporting entity (RRE) failing to identify situations where group plan is primary
  1. $9,753
  2. $1,247
  1. $10,360
  2. $1,325
Summary of Benefits and Coverage (SBC) violations
  • $1,190
  • $1,264

 

IMA will continue to monitor regulator guidance and offer meaningful, practical, timely information.

This material should not be considered as a substitute for legal, tax and/or actuarial advice. Contact the appropriate professional counsel for such matters. These materials are not exhaustive and are subject to possible changes in applicable laws, rules, and regulations and their interpretations.

Recent News

More news