Fines for HIPAA Penalties Changed to Reflect Lower Caps for Certain Violations

Last Updated: May 8, 2019

The penalty caps for HIPAA violations have changed to reflect an organization’s level of culpability in the breach. The Department of Health and Human Services (HHS) published the rule changes via the Federal Register on April 30, 2019.

Previously, the annual cap on penalties was $1.5 million regardless of how culpable the organization was for the breach. These updated penalty tiers are in effect until further notice:

  • Tier 1/No Knowledge – Minimum penalty per violation of $100 and a maximum penalty per violation of $50,000. Annual limit of $25,000.
  • Tier 2/Reasonable Cause – Minimum penalty per violation of $1,000 and a maximum penalty per violation of $50,000. Annual limit of $100,000.
  • Tier 3/Willful Neglect-Corrected – Minimum penalty per violation of $10,000 and a maximum penalty per violation of $50,000. Annual limit of $250,000.
  • Tier 4/Willful Neglect-Not Corrected – Minimum penalty per violation of $50,000 and a maximum penalty per violation of $50,000. Annual limit of $1,500,000.

The Pennsylvania Medical Society (PAMED) offers HIPAA resources online at www.pamedsoc.org/HIPAA. PAMED members with questions can also contact our Knowledge Center at 855-PAMED4U (855-726-3348) or KnowledgeCenter@pamedsoc.org.

