The government is lowering its civil monetary penalties under the HITECH Act.
The U.S. Department of Health and Human Services (HHS) plans to reduce HIPAA and HITECH Act penalties by up to 98 percent.
HHS issued its “Notification of Enforcement Discretion Regarding HIPAA Civil Monetary Penalties,” in the April 30, 2019, edition of the Federal Register (84 Fed. Reg. 18151). HHS utilized its enforcement discretion to change the cumulative annual CMP limit for three out of the four penalty tiers identified in the HITECH Act, § 13410(d).
This decision to lower the cumulative annual CMP limit could provide relief to physicians as well as other covered entities, business associates, and subcontractors.
In 2009, Congress enacted the HITECH Act as part of the American Recovery and Reinvestment Act of 2009. One of the key components was its strengthening of HIPAA enforcement by increasing minimum and maximum potential CMPs for HIPAA violations. Specifically, Section 13410(d) of the HITECH Act created four categories of HIPAA violations with corresponding penalty tiers:
If any of the tier definitions were met, then the Secretary shall impose “a penalty for each such violation of an amount that is at least the amount described in paragraph (3)(A) but not to exceed the amount described in paragraph (3)(D).”
These new changes mean that providers and entities who fall under the purview of HIPAA and the HITECH Act will see greatly reduced annual limits for Tiers 1 – 3. The chart below illustrates the changes under the Enforcement Rule.
It’s worth noting that HHS is required to annually adjust limits for inflation pursuant to the Bipartisan Budget Act of 2015 (Pub. L. 114-74, section 701).
Noncompliance with HIPAA and the HITECH Act can still be costly, but physicians can breathe a bit easier knowing that the annual limits for three tiers of noncompliance have been reduced.
It remains to be seen, though, whether this change acts to deter compliance because the monetary risk associated with non-compliance may outweigh the risk of compliance, or if HHS issues more penalties because of the lower annual threshold.
Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.
Asset Protection and Financial Planning
December 6th 2021Asset protection attorney and regular Physicians Practice contributor Ike Devji and Anthony Williams, an investment advisor representative and the founder and president of Mosaic Financial Associates, discuss the impact of COVID-19 on high-earner assets and financial planning, impending tax changes, common asset protection and wealth preservation mistakes high earners make, and more.
How to reduce surprise billing in your practice
November 15th 2021Physicians Practice® spoke with Kristina Hutson, a product line developer at Availity, about surprise billing events in independent healthcare practices and what owners and administrators can do to reduce the likelihood of their occurrence.
How AI billing delivers precision, compliance, and savings
November 26th 2024For healthcare providers, executives, and decision-makers, embracing AI in claims processing is not just a step toward improved financial outcomes—it’s an ethical commitment to better care and a more patient-centered approach to service delivery.