The Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (the “Inflation Adjustment Act”) directs federal agencies to adjust the civil monetary penalties for inflation. On August 8, 2024, the Department of Health and Human Services (“HHS”) issued final rules adjusting civil monetary penalties for inflation.

The adjusted penalties are applicable to penalties assessed on or after August 8, 2024, if the violation occurred on or after November 2, 2015.

Below are the penalties applicable to group health plans:

Description 2023 Penalty (Prior) 2024 Penalty (New)
Pre-February 18, 2009 violation of HIPAA administrative simplification provisions $187 per violation, $47,061 annual cap $193 per violation, $48,586 annual cap
February 18, 2009 or later violation of HIPAA administrative simplification provision without knowledge $137 min. $68,928 max. $2,067,813 annual cap $141 min. $71,162 max. $2,134,831 annual cap
February 18, 2009 or later violation of HIPAA administrative simplification provision with reasonable cause and not to willful neglect $1,379 min. $68,928 max. $2,067,813 annual cap $1,424 min. $71,162 max. $2,134,831 annual cap
February 18, 2009 or later violation of HIPAA administrative simplification provision due to willful neglect AND corrected during 30-day period $13,785 min. $68,928 max. $2,067,813 annual cap $14,232 min. $71,162 max. $2,134,831 annual cap
February 18, 2009 or later violation of HIPAA administrative simplification provision due to willful neglect AND NOT corrected during 30-day period $68,928 min. $2,067,813 max. $2,067,813 annual cap $71,162 min. $2,134,831 max. $2,134,831 annual cap
Failure to provide the Summary of Benefits and Coverage (“SBC”) $1,362 per day $1,406 per day
Penalty for an employer or other entity to offer financial or other incentive to individual entitled to Medicare/Medicaid benefits not to enroll under a group health plan that would be primary $11,162 $11,524
Penalty for entity serving as insurer, TPA, or fiduciary for a group health plan that fails to provide information to HHS Secretary identifying when the GHP was primary payer to Medicare $1,428 $1,474

Employer Action

Covered Entities must ensure proper application and compliance with HIPAA’s Privacy and Security Rules.

Employers should avoid using incentives to discourage Medicare/Medicaid eligible employees from enrolling in the employer’s health plan.

Employers should be aware of the SBC disclosure requirement and ensure employees receive SBCs in a timely fashion (e.g., in connection with open enrollment).

Contact Us

Our Advisors offer in-depth analysis and are ready to help you successfully navigate employee benefits and health insurance.

Our website uses cookies.  Click here to view our privacy policy.