HIPAA, MSP, and SBC Penalties Indexed as of November 15, 2021

Federal regulators have announced inflationary adjustments to civil monetary penalties for violations occurring on/after November 2, 2015.

Assessments on/after Jan 17, 2020 Assessments on/after Nov 15, 2021
HIPAA Privacy & Security violations
  1. Unintentional violations
  2. Due to reasonable cause and not willful neglect
  3. Willful violations corrected within 30 days
  1. Minimum: $119
  2. Minimum: $1,191
  3. Minimum: $11,904
  1. Minimum: $120
  2. Minimum: $1,205
  3. Minimum: $12,045
    • Caps for each violation above
    • Unclear how these published CY caps tie into the 2019 Notice of Enforcement Discretion which should have lowered the CY caps to $25K/$100K/$250K for tiers 1/2/3 above
  • Maximum: $59,522
  • CY cap: $1,785,651
  • Maximum: $60,226
  • CY cap: $1,806,757
  1. Willful violations not corrected within 30 days
  • Minimum: $59,522
  • CY cap: $1,785,651
  • Minimum: $60,226
  • CY cap: $1,806,757
Medicare Secondary Payer (MSP) violations

  1. Employer incenting or coercing someone not to enroll in a group health plan that would be primary to Medicare
  2. Responsible reporting entity (RRE) failing to identify situations where group plan is primary
  1. $9,639
  2. $1,232
  1. $9,753
  2. $1,247
Summary of Benefits and Coverage (SBC) violations
  • $1,176
  • $1,190

 

IMA will continue to monitor regulator guidance and offer meaningful, practical, timely information.

This material should not be considered as a substitute for legal, tax and/or actuarial advice. Contact the appropriate professional counsel for such matters. These materials are not exhaustive and are subject to possible changes in applicable laws, rules, and regulations and their interpretations.

Recent News

More news

Business
Benefits
Personal
Specialty
Wealth Management