HHS Increases Civil Monetary Penalties – HIPAA Updates
The U.S. Department of Health and Human Services (HHS) has announced increases of civil monetary penalties based on a cost-of-living increase of 1.06222%. These increases are effective for penalties assessed on or after March 17, 2022, for violations occurring on or after November 2, 2015. Continue reading below for potential impacts to employer-sponsored health plans.
- HIPAA Administrative Simplification. HIPAA administrative simplification encompasses standards for privacy, security, breach notification, and electronic healthcare transactions. HIPAA has four levels of violations that reflect increasing levels of culpability, with minimum and maximum penalty amounts within each level and an annual cap on penalties for multiple violations of an identical provision. The indexed penalty amounts for each violation of a HIPAA administrative simplification provision are:
- Level 1: Lack of knowledge. The minimum penalty is $127 (up from $120); the maximum penalty is $63,973 (up from $60,226); and the calendar-year cap is $1,919,173 (up from $1,806,757).
- Level 2: Reasonable cause and not willful neglect. The minimum penalty is $1,280 (up from $1,205); the maximum penalty is $63,973 (up from $60,226); and the calendar-year cap is $1,919,173 (up from $1,806,757).
- Level 3: Willful neglect, if violation is corrected within 30 days. The minimum penalty is $12,794 (up from $12,045); the maximum penalty is $63,973 (up from $60,226); and the calendar-year cap is $1,919,173 (up from $1,806,757).
- Level 4: Willful neglect, if violation is not corrected within 30 days. The minimum penalty is $63,973 (up from $60,226); the maximum penalty is $1,919,173 (up from $1,806,757); and the calendar-year cap is $1,919,173 (up from $1,806,757).
- Medicare Secondary Payer. This statute prohibits a group health plan from “taking into account” Medicare entitlement of a current employee or a current employee’s spouse or family member and imposes penalties for violations. The increased amounts for violations applicable to employer-sponsored health plans are as follows:
- Offering incentives to Medicare-eligible individuals not to enroll in a plan that would otherwise be primary: $10,360 (up from $9,753).
- Failure of responsible reporting entities to provide information identifying situations where the group health plan is primary: $1,325 (up from $1,247).
- Summary of Benefits and Coverage (SBC). An SBC must generally be provided to participants and beneficiaries before enrollment or re-enrollment in a group health plan. The penalty for a health insurer’s or non-federal governmental health plan’s willful failure to provide an SBC is $1,264 (up from $1,190) for each failure.
BASIC HIPAA Service for Compliance
BASIC’s HIPAA Compliance service covers every aspect of legal compliance, from providing all required documents to proactive training for all staff involved with the handling of PHI. Eliminate the guesswork from compliance and documentation and receive access to a compliance expert to assist with client HIPAA questions. Stop worrying about constantly changing legal requirements and leave it to BASIC. Don’t wait to protect your organization, request a proposal today!