The Department of Health and Human Services has announced adjustments of civil monetary penalties for statutes within its jurisdiction. The latest adjustments are based on a cost-of-living increase of 1.07745%. These adjustments are effective for penalties assessed on or after October 6, 2023, for violations occurring on or after November 2, 2015. Following are highlights of the adjustments potentially affecting employee benefit health plans.
HIPAA
The HIPAA administrative simplification provisions encompass standards for privacy, security, breach notification, and electronic health care transactions. HIPAA has four tiers of violations that reflect increasing levels of culpability, with minimum and maximum penalty amounts outlined within each tier and an annual cap on penalties for multiple violations of an identical provision. The newly indexed penalty amounts for each violation of a HIPAA administrative simplification provision are as follows:
|
Minimum Penalty |
Maximum Penalty |
Calendar Year Max |
Tier1
Lack of knowledge |
$137 |
$68,928 |
$2,067,813 |
Tier 2
Reasonable cause and not willful neglect |
$1,379 |
$68,928 |
$2,067,813 |
Tier 3
Willful neglect, corrected within 30 days |
$13,785 |
$68,928 |
$2,067,813 |
Tier 4
Willful neglect, not corrected within 30 days |
$68,928 |
$2,067,813 |
$2,067,813 |
Medicare Secondary Payer
The Medicare Secondary Payer statute prohibits a group health plan from “taking into account” the Medicare entitlement of a current employee or a current employee’s spouse or family member and imposes penalties for violations. The indexed amounts for violations applicable to employer-sponsored health plans are as follows:
|
Annual Penalty |
Offering Incentives
Offering incentives to Medicare-eligible individuals not to enroll in a plan that would otherwise be primary |
$11,162 |
Failure to Respond
Failure of responsible reporting entities to provide information identifying situations where the group health plan is primary |
$1,428 |
Summary of Benefits and Coverage (SBC)
An SBC generally must be provided to participants and beneficiaries before enrollment or re-enrollment in a group health plan.
|
Per Incident Penalty |
Willful Failure
Willful failure to provide an SBC as required |
$1,362 |
Timing of Penalty Changes
The annual adjustments to penalties are designed to preserve their deterrent effect in the face of inflation. The HHS’s “annual” adjustments are supposed to be made by January 15 of each year, but in practice have come at irregular intervals. The last adjustment was made on March 17, 2022.
Employer Action
These monetary penalties are significant; thus, we recommend that employers assess their group health plan HIPAA compliance program and confirm that policies and procedures are effectively deployed and that HIPAA training is in place for all employees with access to PHI.
As a reminder, Vita provides a HIPAA Compliance Program for group health plans. In addition, a 20-minute Critical HIPAA Training video is available on demand for employees who have access to PHI and need to be trained.
Reference
HHS, Annual Civil Monetary Penalties Inflation Adjustment, 45 CFR Part 102, 88 Fed. Reg.69531 (Oct. 6, 2023)
