Maximum penalties under HIPAA Revised

Under the HIPAA-HITECH Act, penalties for violations of the Privacy rules were pegged at a maximum of US Dollars 1.5 million per type of violation. The caps would apply to violations of each specific HIPAA requirement or prohibition in a given year, not to all HIPAA violations in a given year.

For example, if a covered entity violated more than one HIPAA requirement or prohibition, the cap could be multiplied by the number of different HIPAA provisions violated.

Now, as per a recent order, HHS has changed the rules on how maximum penalties are applied. The cap will no longer be $1.5 million per violation per year. It will differ for different types of violations.

Until further notice by the HHS, the annual caps on penalties for a violation of a HIPAA requirement or prohibition will be: $25,000 for an unknowing HIPAA violation; $100,000 for a HIPAA violation due to reasonable cause but not due to willful neglect; $250,000 for willful neglect corrected within 30 days; and $1.5 million for willful neglect not corrected within 30 days.

