HIPAA For MSPs by David Sims HIPAA Penalties Increasing
00:00:00 00:00:00

Did you hear that HIPAA penalties increasing is the new trend because of inflation? It has quietly happened. Here is how. Check out the Federal Register entry from September 6, 2016. If you aren’t into reading yourself, don’t worry, you know Donna did. Well, at least the HIPAA parts!

What is going on?

The Federal Civil Penalties Inflation Adjustment Act of 1990 (the Inflation
Adjustment Act)
said that the penalties charged in the laws weren’t being adjusted to keep up with inflation. This meant that the value effect that the civil money penalties (CMP) were supposed to have was slowly degrading over time. A penalty of $1,000 may have been huge at one point but today companies find it cheaper to pay the penalties and abide by the law. So, they passed the law.

However, the law had math issues. The round numbers that we normally see in legal penalties required the calculations to be rounded significantly to. It also capped the adjustments to be at 10 percent.

When you do that math they could never make the adjustments because in order to round up the way they were supposed to, the adjustment would be more than 10 percent. So, the value of the penalties kept dropping.

Along comes the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (the 2015 Act) to “reset” things to adjust for the past issues and fix the calculations going forward.

The old rounding rules are gone. After calculating the inflation amounts, you round to the nearest dollar. CMPs will be adjusted for inflation every year no later than January 15th from now on.

To make up for all the time they weren’t adjusted, they are making one big adjustment in 2016 to all the CMPs to “catch up”.

What are the new CMP amounts due to HIPAA penalties increasing?

Prior to HITECH violations (Before Feb 18, 2009) amounts set in 1996

Per violation $100 to $150
Cal year cap $25,000 to $37,561

Feb 18, 2009 or later

Low end violation – CE or BA did not know of the violation

Per violation min $100 to $110
Per violation max $50,000 to $55,010
Cal year cap $1.5 mil to $1,650,300

Basic Violation – CE or BA violation was not willful neglect

Per violation min $1,000 to $1,100

Corrected – CE or BA violation was willful neglect but corrected in 30 days

Per violation min $10,000 to $11,002

Willful Neglect – CE or BA violation was willful neglect not corrected in 30 days

Per violation min $50,000 to $55,010
Per violation max $1.5m to $1,650,300
Cal year cap $1.5m and $1,650,300

When do they go into effect?

The new penalties apply to any violation that occurred after Nov 2, 2015 whose penalties are assessed after August 1, 2016. So, update your policies and procedures to reflect these amounts for later reference.

How will much will HIPAA penalties increasing change the calculations by?

The Lincare agreement included actual penalties.

HIPAA Penalties Increasing

$25K became $37,561,
$4,800 became $7,200,
$160k became $176k,
In total, $239,800 became $295,883 for a difference of $56,083.