HIPAA and the Federal Civil Penalties Adjustment Act Improvements Act

The Federal Civil Penalties Adjustment Act Improvements Act places a heavier burden on healthcare providers to maintain strict compliance with regulations and acts as a motivation to adhere to the standards set for HIPAA compliance. 

What is the Federal Civil Penalties Adjustment Act Improvements Act? 

The Federal Civil Penalties Adjustment Act Improvements Act defines a civil monetary penalty as a penalty, sanction or fine that “(1) is for a specific monetary amount as provided by Federal law or has a maximum amount provided for by Federal law; and (2) is assessed or enforced by an agency pursuant to Federal law; and (3) is assessed or enforced pursuant to an administrative proceeding or a civil action in the Federal courts.”

The law is two fold process: an initial "catch up" adjustment to bring existing CMPs in line with current economic conditions and subsequent annual adjustments to account for inflationary changes. 

In essence, it aims to maintain the deterrent effect of penalties by ensuring they remain financially relevant in relation to the contemporary economic environment. Under this Act, HHS, among other federal agencies, was required to recalibrate penalty amounts, eliminate rounding rules for penalties, and determine the applicability of these adjusted penalties to violations occurring after November 2, 2015.

See also: Understanding HIPAA violations and breaches

How does it apply to HIPAA compliance penalties? 

Under this Act, the penalties for various HIPAA violations have been adjusted to account for inflation and to reflect the changing regulatory landscape. Specifically

1. Increased penalty amounts: The Act has led to increased maximum penalties for HIPAA violations. For instance, the maximum adjusted penalty for certain HIPAA violations that occurred before February 18, 2009, has been increased from $100 to $150.
2. Penalties for willful neglect: The Act raised penalties for HIPAA violations due to willful neglect. Depending on whether the violation was corrected within a specified period, these penalties can range from $11,002 to $55,010 per violation.
3. Penalty caps: The Act also addresses calendar year caps for HIPAA violations, ensuring penalties can add up quickly for organizations with multiple violations.
4. Applicability: These adjusted penalties only apply to violations after November 2, 2015, for which CMPs were assessed after August 1, 2016. Violations before November 2, 2015, or for which penalties were assessed before August 1, 2016, may still be subject to the previous penalty amounts.

Non-HIPAA penalties

1. ACA summaries of benefits and coverage: The maximum adjusted penalty for failing to provide summaries of benefits and coverage under the Affordable Care Act (ACA) increased from $1,000 to $1,087.
2. ACA medical loss ratio reporting: Violations of the ACA's medical loss ratio reporting and rebating rules can result in a maximum annual penalty of $109, up from $100.
3. Offering incentives for non-enrollment: The Act has increased the maximum adjusted penalty for employers or other entities offering financial or other incentives for individuals entitled to benefits not to enroll under a group health plan or large group health plan that would be a primary plan. This penalty has risen from $5,000 to $8,908.
4. Failure to provide information to Medicare: Entities serving as insurers, third-party administrators (TPAs), or fiduciaries for group health plans that fail to provide information identifying situations where the group health plan is or was a primary plan to Medicare may face a maximum adjusted penalty of $1,138, up from $1,000.

See also: The HIPAA Privacy Rule's preemption of state law

The role of the HHS in implementation

The HHS plays a role in the implementation of the Federal Civil Penalties Adjustment Act Improvements Act. HHS's role encompasses several responsibilities, starting with the initial "catch-up" adjustment of CMPs under its jurisdiction to account for inflation. This adjustment ensures that penalties remain relevant and effective in deterring violations of healthcare and insurance regulations. HHS must also make subsequent annual adjustments to CMPs, aligning them with changes in the cost of living. Furthermore, HHS is responsible for identifying penalty levels based on the year and corresponding amounts established by Congress or adjusted before the Act's enactment. In terms of enforcement, HHS actively applies these penalties, particularly in the context of HIPAA. 

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What is the role of the HHS?

The role of the HHS, the U.S. Department of Health and Human Services, is to enhance the health and well being of all Americans by providing effective health and human services and fostering advances in medicine, public health, and social services.

What is the ACA? 

The ACA, or Affordable Care Act, is a comprehensive healthcare reform law enacted in 2010 that aims to expand health insurance coverage, control healthcare costs, and improve the healthcare delivery system in the United States.

What is HIPAA?

Health Insurance Portability and Accountability Act is a U.S. law that protects the privacy and security of individuals' health information.