HIPAA Violation Amounts Adjusted for 2022
The Department of Health and Human Services (HHS) recently released an updated list of annual inflation adjustments applicable to monetary penalties to be assessed on or after March 17, 2022 for violations occurring on or after November 2, 2015. Adjusted penalties are calculated as a result of multiplying the preceding year’s penalties by 2022’s cost-of-living multiplier of 1.06222 and applying that number to each individual penalty amount. Amounts are then rounded to the nearest dollar.
Respective to group health plans, there are several increases to penalties associated with the Health Insurance Portability and Accountability Act (HIPAA) worthy of note due to the higher penalties being levied.
Minimum Penalties:
- As a result of inflation, the minimum penalty amount for a HIPAA violation has now increased from $120 to $127 for a Covered Entity or Business Associate that did not know, and by exercising reasonable diligence would not have known, that a HIPAA provision was violated.
- HIPAA violations stemming from reasonable cause, but not willful neglect, will now carry a minimum penalty of $1,280 (previously $1,205).
- For HIPAA violations occurring as a result of willful neglect that are remedied within 30 days of when the Covered Entity or Business Associate first knew, or, by exercising reasonable diligence, would have known that the violation occurred will move from the previous penalty amount of $12,045 to $12,794.
- HIPAA violations that are established as having resulted from willful neglect that also go uncorrected during the 30-day period beginning on the first date the Covered Entity or Business Associate knew of the violation, or, by exercising reasonable diligence, would have known will move from $60,226 to $63,973.
Maximum Penalties:
The maximum penalty amount for HIPAA violations not due to willful neglect/not timely corrected will increase from $60,226 to $63,973. HIPAA violations that are due to willful neglect and are not remedied in a timely manner will go from a maximum penalty of $1,806,757 to a maximum penalty of $1,919,173.
Calendar Year Penalties:
The guidance offered by HHS also includes calendar year penalty caps for the various HIPAA violations, effectively curbing each individual HIPAA violation at a maximum annual penalty amount of $1,919,173 (up from $1,806,757).
| Type of Violation | Minimum/Maximum Penalty | Calendar Year Cap |
| Category 1 – Lack of Knowledge: A violation that the Covered Entity or Business Associate was unaware of and could not have realistically avoided, had a reasonable amount of care been taken to abide by HIPAA Rules. | Category 1: Minimum fine of $127 per violation up to $63,973. | Calendar year maximum: $1,919,173. |
| Category 2 – Reasonable Cause – No Willful Neglect: A violation that the Covered Entity or Business Associate should have been aware of but could not have avoided even with a reasonable amount of care. Falls short of willful neglect of HIPAA Rules. | Category 2: Minimum fine of $1,280 per violation up to $63,973. | Calendar year maximum: $1,919,173. |
| Category 3 – Willful Neglect – Corrected within 30 Days: A violation suffered as a direct result of willful neglect of HIPAA Rules, in cases where an attempt has been made to correct the violation. | Category 3: Minimum fine of $12,794 per violation up to $63,973. | Calendar year maximum: $1,919,173. |
| Category 4 – Willful Neglect – Not Corrected within 30 Days: A violation of HIPAA Rules constituting willful neglect, where no attempt has been made to correct the violation. | Category 4: Minimum fine of $63,973 per violation up $1,919,173. | Calendar year maximum: $1,919,173. |
Featured News & Insights
Are your employees leaving money on the table? Last year, American workers forfeited millions of dollars in healthcare savings simply because they didn’t maximize their Flexible Spending Accounts...
As per Notice 2025-61, the IRS is adjusting the fee that insurers or self-insured health plan sponsors will pay to fund the federal Patient-Centered Outcomes Research Institute (PCORI) trust fund for...
Attention: Massachusetts Employers with Six or More Employees in Massachusetts. The Annual Health Insurance Responsibility Disclosure (HIRD) form is due no later than December 15, 2025. Filing can be...