Did you hear that HIPAA penalties increasing is the new trend because of inflation? It has quietly happened. Here is how. Check out the Federal Register entry from September 6, 2016. If you aren’t into reading yourself, don’t worry, you know Donna did. Well, at least the HIPAA parts!
What is going on?
The Federal Civil Penalties Inflation Adjustment Act of 1990 (the Inflation
Adjustment Act) said that the penalties charged in the laws weren’t being adjusted to keep up with inflation. This meant that the value effect that the civil money penalties (CMP) were supposed to have was slowly degrading over time. A penalty of $1,000 may have been huge at one point but today companies find it cheaper to pay the penalties and abide by the law. So, they passed the law.
However, the law had math issues. The round numbers that we normally see in legal penalties required the calculations to be rounded significantly to. It also capped the adjustments to be at 10 percent.
When you do that math they could never make the adjustments because in order to round up the way they were supposed to, the adjustment would be more than 10 percent. So, the value of the penalties kept dropping.
Along comes the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (the 2015 Act) to “reset” things to adjust for the past issues and fix the calculations going forward.
The old rounding rules are gone. After calculating the inflation amounts, you round to the nearest dollar. CMPs will be adjusted for inflation every year no later than January 15th from now on.
To make up for all the time they weren’t adjusted, they are making one big adjustment in 2016 to all the CMPs to “catch up”.
What are the new CMP amounts due to HIPAA penalties increasing?
Prior to HITECH violations (Before Feb 18, 2009) amounts set in 1996
Per violation | $100 to $150 |
Cal year cap | $25,000 to $37,561 |
Feb 18, 2009 or later
Low end violation – CE or BA did not know of the violation
Per violation min | $100 to $110 |
Per violation max | $50,000 to $55,010 |
Cal year cap | $1.5 mil to $1,650,300 |
Basic Violation – CE or BA violation was not willful neglect
Per violation min | $1,000 to $1,100 |
Corrected – CE or BA violation was willful neglect but corrected in 30 days
Per violation min | $10,000 to $11,002 |
Willful Neglect – CE or BA violation was willful neglect not corrected in 30 days
Per violation min | $50,000 to $55,010 |
Per violation max | $1.5m to $1,650,300 |
Cal year cap | $1.5m and $1,650,300 |
When do they go into effect?
The new penalties apply to any violation that occurred after Nov 2, 2015 whose penalties are assessed after August 1, 2016. So, update your policies and procedures to reflect these amounts for later reference.
How will much will HIPAA penalties increasing change the calculations by?
The Lincare agreement included actual penalties.
$25K became $37,561,
$4,800 became $7,200,
$160k became $176k,
In total, $239,800 became $295,883 for a difference of $56,083.