HIPAARecognizing that different levels of culpability warrant different annual civil penalty limits, the Department of Health and Human Services adopted a notification April 23, 2019, to be published in the Federal Register April 30, 2019, that reduces the majority of the caps on annual civil penalties.  See 45 C.F.R. Part. 160.

The table below shows the differences:

Culpability Old Annual Limit New Annual Limit
No Knowledge $1,500,000 $25,000
Reasonable Cause $1,500,000 $100,000
Willful Neglect – Corrected $1,500,000 $250,000
Willful Neglect – Not Corrected $1,500,000 $1,500,000

In our experience, clients rarely, if ever, fall into the last category.  And even if clients are at risk of having been willfully neglectful in violating HIPAA, the new penalty limits add to the incentives for those clients to correct problems that led to the potential violations before potential scrutiny by the Office of Civil Rights.  That ounce of prevention could lead to $1,250,000 of cure.

Photo of Blaine C. Kimrey Blaine C. Kimrey

Blaine C. Kimrey is a Shareholder at Vedder Price, Chair of the Media & Entertainment Litigation practice group, and a member of the Privacy, CyberSecurity, & Media practice group.  A former journalist at two daily newspapers (the Austin American-Statesman and the Arkansas Democrat-Gazette), Mr. Kimrey is a trial lawyer who has dedicated more than 20 years to working for and defending media entities. Mr. Kimrey’s practice, however, extends well beyond media defense, focusing on a broad range of direct and class action litigation involving topics as diverse as privacy, consumer deception, intellectual property, entertainment, insurance, banking, real estate, civil rights, telecommunications, and mass catastrophes and torts.  Among other accolades, Mr. Kimrey is Chambers USA Band 2 rated for Media & Entertainment Litigation in the state of Illinois, is listed in Best Lawyers in America for Intellectual Property Litigation, and is AV-rated by Martindale-Hubbell.

Photo of Bryan K. Clark Bryan K. Clark

Bryan K. Clark is an Associate at Vedder Price and a member of the Privacy, CyberSecurity & Media practice group.  He has an extensive media and privacy practice that includes privacy class action defense, mobile-marketing litigation, class action TCPA litigation, copyright litigation, right of publicity litigation, data breach response, FOIA issues, reporter’s privilege issues and prepublication review.

Photo of Caitlin C. Podbielski Caitlin C. Podbielski

As a member of the Privacy, CyberSecurity & Media Group, Ms. Podbielski assists clients in analyzing and responding to data security incidents involving state and federal privacy laws. In addition to incident response counseling, Ms. Podbielski advises health care clients on compliance matters under the Health Insurance Portability and Accountability Act, including guidance on conducting risk assessments, development of policies and procedures, and compliance with the minimum necessary principles.  She regularly counsels a variety of clients on matters pertaining to state and federal tax exemption, state and federal privacy and security laws, and health care regulation. As a member of the Trade & Professional Associations Group, Ms. Podbielski has advised a variety of tax-exempt organizations, including organizations exempt under 501(c)(3), (c)(4), (c)(6) and (c)(7) of the Internal Revenue Code, on a variety of issues related to exempt status, including eligibility and application for exemption, state solicitation and registration law compliance, and annual filings with the Internal Revenue Service.