The Department of Health and Human Services (HHS) recently released inflation-adjusted increases for certain HHS-related penalties, including those for violations of the Health Insurance Portability and Accountability Act (HIPAA) rules and the Medicare Secondary Payer rules[1].
These adjustments are effective for penalties assessed on or after August 8, 2024, for violations occurring on or after November 2, 2015.
The reference table below highlights the inflation-adjusted HHS penalty increases directly (or indirectly) impacting employer-sponsored group health plans:
| HHS Enforcement Item | Violation | 2024 Penalty | 2023 Penalty (Prior) |
|---|---|---|---|
| HIPAA | Violation of a HIPAA administrative simplification provision due to lack of knowledge (Tier 1) |
$141 minimum
$71,162 maximum
$2,134,831 calendar year cap
|
$137 minimum
$68,928 maximum
$2,067,813 calendar year cap
|
| HIPAA | Violation of a HIPAA administrative simplification provision due to reasonable cause and not willful neglect (Tier 2) |
$1,424 minimum
$71,162 maximum
$2,134,831 calendar year cap
|
$1,379 minimum
$68,928 maximum
$2,067,813 calendar year cap
|
| HIPAA | Violation of a HIPAA administrative simplification provision due to willful neglect and corrected within 30 day period (Tier 3) |
$14,232 minimum
$71,162 maximum
$2,134,831 calendar year cap
|
$13,785 minimum
$68,928 maximum
$2,067,813 calendar year cap
|
| HIPAA | Violation of a HIPAA administrative simplification provision due to willful neglect and not corrected within 30 day period (Tier 4) |
$71,162 minimum
$2,134,831 maximum
$2,134,831 calendar year cap
|
$68,928 minimum
$2,067,813 maximum
$2,067,813 calendar year cap
|
| Medicare Secondary Payer | An employer or other entity offering financial incentives to individuals entitled to Medicare not to enroll in a plan that would otherwise be primary |
$11,524 |
$11,162 |
| Medicare Secondary Payer | Failure by an insurer, third-party administrator, or group health plan fiduciary to provide information to the HHS Secretary identifying situations where the group health plan is or was a primary plan to Medicare |
$1,474 |
$1,428 |
| Affordable Care Act | Failure to provide a Summary of Benefits and Coverage (SBC) |
$1,406 |
$1,362 |
Employer Takeaways
Employers are advised to review their plan practices and processes to ensure compliance with applicable HHS requirements in an effort to avoid these penalties.
As a reminder:
- Medicare Secondary Payer rules prohibit employers from offering financial incentives to individuals entitled to Medicare to not enroll in an employer-sponsored group health plan that would otherwise be primary to Medicare.
- Summary of Benefits and Coverage documents must be provided to participants prior to enrollment or re-enrollment in a group health plan. As a result, they are generally distributed to plan participants upon initial plan eligibility, during open enrollment, and upon request.
In addition to applicable HHS penalties, ERISA[5] group health plans are also subject to annually adjusted DOL penalties. Click here for more information.
Please reach out to your eBen team member with any questions or contact us directly here.
[1] The Medicare Secondary Payer statute prohibits a group health plan from “taking into account” the Medicare entitlement of a current employee or a current employee’s spouse or family member and imposes penalties for violations.
[2] HIPAA administrative simplification comprises standards for privacy, security, breach notification, and electronic health care transactions.
[3] 30 day period of when the covered entity knew — or would have known by exercising reasonable diligence — about the violation.
[4] 30 day period of when the covered entity knew — or would have known by exercising reasonable diligence — about the violation.
[5] ERISA means the Employee Retirement Income Security Act of 1974.
