Skip to main content
Toggle Menu of ADA WebSites
ADA Websites
Partnerships and Commissions
Toggle Search Area
Toggle Menu
e-mail Print Share

HHS decreases some caps on penalties for HIPAA violations

May 10, 2019

By David Burger

HIPAA KitWashington — The U.S. Department of Health and Human Services has revised the annual penalty caps for violations of the Health Insurance Portability and Accountability Act, according to an April 30 news release from the department’s Office of Civil Rights.

Until further notice by the HHS, annual caps on penalties for a violation of a HIPAA requirement or prohibition will range from $25,000 for an unknowing HIPAA violation; $100,000 for a HIPAA violation due to reasonable cause but not due to willful neglect; $250,000 for willful neglect corrected within 30 days; and $1.5 million for willful neglect not corrected within 30 days.

HHS previously applied the same penalty cap — $1.5 million — across the four categories of violations, despite different levels of culpability.

Under HIPAA, enacted in 1996, HHS established rules protecting the privacy and security of individually identifiable health information.

In 2009, Congress enacted the Health Information Technology for Economic and Clinical Health Act, that, among other things, strengthened HIPAA enforcement by increasing the minimum and maximum potential penalties for HIPAA violations. A 2013 Enforcement Rule, established by the department as a result of the HITECH Act, elicited concern about imposing a $1.5 million cap for each and every penalty tier. The department concluded that the penalty scheme included inconsistent language and could cause confusion, according to the news release.

The caps would apply to violations of each specific HIPAA requirement or prohibition in a given year, not to all HIPAA violations in a given year. For example, if a dental practice violates more than one HIPAA requirement or prohibition, the cap could be multiplied by the number of different HIPAA provisions violated. Therefore, HIPAA penalties can still involve very large dollar amounts, even in the lower tiers.

The ADA Complete HIPAA Compliance Kit can help dentists design and implement a comprehensive program for HIPAA compliance. Readers can save 15 percent on the HIPAA kit and all ADA Catalog products with promo code 19116 until July 26. To order, visit ADAcatalog.org or call 1-800-947-4746.