The U.S. Department of Health and Human Services (HHS) published a final rule regarding penalties for HIPAA Privacy and Security Rules. It will apply to penalties assessed on or after October 6, 2023. All civil penalty amounts have increased.
The penalties are arranged into four tiers, depending on the violation type. Penalty amounts range from $137 to $68,928. The annual penalty cap is $2,067,813.
The most frequently reported HIPAA compliance problems, resulting in penalties, include:
If a HIPAA violation has occurred, the HHS’ Office for Civil Rights (OCR) may issue a resolution agreement instead of a penalty. A resolution agreement requires the employer to take corrective action and pay a settlement amount, which is much lower than a penalty amount. If no action is taken, then the OCR may decide to impose civil penalties.
To ensure compliance, employers with group health plans should periodically review their Privacy and Security Rules. Download the bulletin for more details.