Published on 15 Oct 2018 • USA (National/Federal) |
Statutory and Regulatory Provisions | Description of Violation | 2018 Penalty (As Adjusted) |
Pre-February 18, 2009 violations of HIPAA's administrative simplification provisions. (February 18, 2009 was the effective date of certain increased penalties for HIPAA violations under the Health Information Technology for Economic and Clinical Health Act (HITECH Act).) | $155 $38,954 (calendar year cap) | |
February 18, 2009 or later violations of HIPAA's administrative simplification provisions, if it is established that a covered entity (CE) or business associate (BA) did not know (and by exercising reasonable diligence would not have known) that the CE or BA violated the provision. | $114 (minimum) $57,051 (maximum) $1,711,533 (calendar year cap) | |
February 18, 2009 or later violations of HIPAA's administrative simplification provisions, if it is established that the violation was due to reasonable cause and not willful neglect. | $1,141 (minimum) $57,051 (maximum) $1,711,533 (calendar year cap) | |
February 18, 2009 or later violations of HIPAA's administrative simplification provisions, if it is established that the violation was due to willful neglect and was corrected during the 30-day period beginning on the first date the CE or BA knew (or by exercising reasonable diligence would have known) that the violation occurred. | $11,410 (minimum) $57,051 (maximum) $1,711,533 (calendar year cap) | |
February 18, 2009 or later violations of HIPAA's administrative simplification provisions, if it is established that the violation was due to willful neglect and was not corrected during the 30-day period beginning on the first date the CE or BA knew (or by exercising reasonable diligence would have known) that the violation occurred. | $57,051 (minimum) $1,711,533 (maximum) $1,711,533 (calendar year cap) | |
Failure to provide summaries of benefits and coverage (SBCs) (see Practice Note, Summaries of Benefits and Coverage under the ACA). | $1,128 | |
Violations of the Affordable Care Act's (ACA's) medical loss ratio reporting and rebating rules (see Legal Update, Guidance on Plan Asset Implications of Medical Loss Ratio Rebates). | $113 | |
An employer or other entity offering any financial or other incentive for an individual entitled to benefits not to enroll under a group health plan or larger group health plan that would be a primary plan. | $9,239 | |
Failure of an entity serving as an insurer, third-party administrator (TPA), or fiduciary for a group health plan to provide information identifying situations where the group health plan is (or was) a primary plan to Medicare to HHS. | $1,181 | |
Failure to comply with the requirements of the Public Health Services Act (PSHA) or violations of rules or standards of behavior associated with insurer participation in the ACA's federally facilitated health insurance exchanges (see Article, Health Insurance Exchange and Related Requirements under the ACA). | $155 | |
Providing false information on an exchange application | $28,195 | |
Knowingly or willfully providing false information on an exchange application. | $281,949 | |
Knowingly or willfully disclosing protected information from the exchange. | $28,195 |