25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

HHS Increases HIPAA Penalties for 2020 to Account for Inflation

Posted By on Jan 20, 2021

The Department of Health and Human Services has adopted new minimum and maximum penalties for HIPAA violations for 2020 to account for changes to the cost of living.

The HHS’ Office of the Assistant Secretary for Financial Resources has now implemented a final rule on the new federal civil monetary penalties under the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015. The changes to penalty amounts are intended to maintain the deterrent effect of federal civil monetary penalties.

The adjustments to the penalties are calculated based on the Consumer Price Index for all Urban Consumers (CPI–U) from the previous month, which are applied as a multiplier to the existing minimum and maximum civil monetary penalty amounts. The cost-of-living multiplier for 2020 is 1.01764. Previous cost-of-living multipliers were 1.01636 (2017), 1.02041 (2018), and 1.02522 (2019).

The final rule took effect on Sunday, January 17, 2020, and applies to penalties assessed on or after January 17, 2020, if the violation occurred on or after November 2, 2015. These penalties will apply until the next inflation increase.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

HIPAA Violation Penalty Amounts from January 17, 2021

Penalty Tier Culpability Minimum Penalty per Violation

 

 Max Penalty per Violation Maximum Penalty Per Year (Capped)
Tier 1 Lack of Knowledge $117 » $119 $58,490 » $59,522 $1,754,698 » $1,785,651
Tier 2 Reasonable Cause $1,170 » $1,191 $58,490 » $59,522 $1,754,698 » $1,785,651
Tier 3 Willful Neglect $11,698 » $11,904 $58,490 » $59,522 $1,754,698 » $1,785,651
Tier 4 Willful Neglect (not corrected within 30 days) $58,490 » $59,522 $1,754,698 » $1,785,651 $1,754,698 » $1,785,651

The civil monetary penalty for each pre-February 18, 2009 violation of the HIPAA administrative simplification provisions has increased from $150 per violation to $162, and the calendar year cap has increased from $39,936 to $40,640.

OCR’s 2019 Notice of Enforcement Discretion for HIPAA Violations

The figures indicated in the table above have been published in the Federal Register, but the HHS’ Office for Civil Rights (OCR) is not currently applying penalties at those levels. The above penalty amounts are based on the original HHS interpretation of the HIPAA violation penalties mandated by the HITECH Act of 2009.

When applying the HITECH Act penalties, the HHS initially interpreted the language of the Act as calling for the maximum penalty for HIPAA violations to be applied at the same level for all penalty tiers, which at the time was $1.5 million per calendar year (subsequently adjusted annually for inflation). In 2019, the HHS reviewed the language of the HITECH Act and reinterpreted the requirements as calling for a different maximum annual penalty for each of the 4 penalty tiers.

On April 30, 2019, OCR published a Notice of Enforcement Discretion in the Federal Register regarding HIPAA civil monetary penalties that set a different penalty cap for each violation tier to reflect the severity of the violation.

The Notice of Enforcement Discretion is effectively indefinitely, although until the HHS makes further rulemaking, the inflation adjustments are applied to the penalty amounts of the original interpretation, with OCR exercising enforcement discretion and applying fines based on the new interpretation of the language of the HITECH Act.

As such, the penalty structure adopted by OCR is detailed in the table below:

2020 HIPAA Violation Penalty Amounts Under OCR’s 2019 Notice of Enforcement Discretion

Per the Notice of Enforcement Discretion, the inflation adjusted penalty amounts are now:

 

Penalty Tier

 Culpability Minimum Penalty per Violation – Inflation

Adjusted

 Max Penalty per Violation – Inflation Adjusted Annual Limit
Tier 1 Lack of Knowledge $119 $59,522 $29,761
Tier 2 Reasonable Cause $1,191 $59,522 $119,044
Tier 3 Willful Neglect $11,904 $59,522 $297,610
Tier 4 Willful Neglect (not corrected within 30 days) $59,522 $1,785,651 $1,785,651

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist