The Department of Health and Human Services (HHS) recently released inflation-adjusted increases for certain HHS-related penalties, including those for violations of the Health Insurance Portability and Accountability Act (HIPAA) rules and the Medicare Secondary Payer (MSP) rules[1].
These adjustments are effective for penalties assessed on or after October 6, 2023, for violations occurring on or after November 2, 2015.
The reference table below highlights the inflation-adjusted HHS penalty increases directly (or indirectly) impacting employer-sponsored group health plans:
| HHS Enforcement Item | Violation | 2023 Penalty | 2022 Penalty (Prior) |
|---|---|---|---|
| HIPAA | Violation of a HIPAA administrative simplification provision due to lack of knowledge[2] (Tier 1) | $137 minimum; $68,928 maximum; $2,067,813 calendar year cap | $127 minimum; $63,973 maximum; $1,919,173 calendar year cap |
| HIPAA | Violation of a HIPAA administrative simplification provision due to reasonable cause and not willful neglect (Tier 2) | $1,379 minimum; $68,928 maximum; $2,067,813 calendar year cap | $1,280 minimum; $63,973 maximum; $1,919,173 calendar year cap |
| HIPAA | Violation of a HIPAA administrative simplification provision due to willful neglect and corrected within the 30-day period[3] (Tier 3) | $13,785 minimum; $68,928 maximum; $2,067,813 calendar year cap | $12,794 minimum; $63,973 maximum; $1,919,173 calendar year cap |
| HIPAA | Violation of a HIPAA administrative simplification provision due to willful neglect and not corrected within the 30-day period[4] (Tier 4) | $68,928 minimum; $2,067,813 maximum; $2,067,813 calendar year cap | $63,973 minimum; $1,919,173 maximum; $1,919,173 calendar year cap |
| Medicare Secondary Payer | An employer or other entity offering financial incentives to individuals entitled to Medicare not to enroll in a plan that would otherwise be primary | $11,162 | $10,360 |
| Medicare Secondary Payer | Failure by an insurer, third-party administrator, or group health plan fiduciary to provide information to the HHS Secretary identifying situations where the group health plan is or was a primary plan to Medicare | $1,428 | $1,325 |
| Affordable Care Act | Failure to provide a Summary of Benefits and Coverage (SBC) | $1,362 | $1,264 |
| Affordable Care Act | Failure of a health plan insurer to comply with medical loss ratio (MLR) reporting and rebating regulations | $136 | $126 |
In an effort to avoid these penalties, employers are advised to review their plan practices and processes to ensure compliance with applicable HHS requirements.
As a reminder, MSP rules prohibit employers from offering financial incentives to individuals entitled to Medicare to not enroll in the employer group health plan that would otherwise be primary to Medicare.
In addition to applicable HHS penalties, ERISA[5] group health plans are also subject to annually adjusted DOL penalties.
Please reach out to your Risk Strategies team member with any questions or contact us directly at benefits@risk-strategies.com.
[1] The Medicare Secondary Payer statute prohibits a group health plan from “taking into account” the Medicare entitlement of a current employee or a current employee’s spouse or family member and imposes penalties for violations.
[2] HIPAA administrative simplification comprises standards for privacy, security, breach notification, and electronic health care transactions.
[3] The 30-day period runs from when the covered entity knew, or would have known by exercising reasonable diligence, about the violation.
[4] The 30-day period runs from when the covered entity knew, or would have known by exercising reasonable diligence, about the violation.
[5] ERISA means the Employee Retirement Income Security Act of 1974.