On October 30, 2009, interim final regulations were issued by HHS’ Office for Civil Rights relating to civil monetary penalties, arising from violations of the HiTech law (Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009). These rules amend the four tiers of civil penalties that can be imposed upon covered entities, as defined by the HIPAA Administrative Simplification laws, to provide for penalties in the event of any HITECH violations relating to breach of medical information (seeBreach Notification Rules Issued). Below is the revised table of potential penalties:
Table 1—Categories of Violations and Respective Penalty Amounts Available
Violation category | Each violation | All such violations of an identical provision in a calendar year |
Did Not Know | $100–$50,000 | $1.5M |
Reasonable Cause | 1,000–50,000 | $1.5M |
Willful Neglect—Corrected | 10,000–50,000 | $1.5M |
Willful Neglect—Not Corrected | 50,000 | $1.5M |
These regulations take effect November 30, 2009.
The information contained in this Benefit Beat is not intended to be legal, accounting, or other professional advice, nor are these comments directed to specific situations.
As required by U.S. Treasury rules, we inform you that, unless expressly stated otherwise, any U.S. federal tax advice contained in this Benefit Beat is not intended or written to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed by the Internal Revenue Service