HHS Applies Inflation Increase to Penalties for HIPAA Violations – The HIPAA Journal
The HHS’ Office for Civil Rights has increased the penalties for HIPAA violations with immediate effect. As of January 28, 2026, the penalties have been increased in line with inflation, as mandated by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015. Annual adjustments to the penalty amounts are necessary to maintain the deterrent effect of financial penalties.
When the HITECH Act was introduced, the penalties for HIPAA violations were set as follows:
- Tier 1: Minimum fine of $100 per violation up to $50,000
- Tier 2: Minimum fine of $1,000 per violation up to $50,000
- Tier 3: Minimum fine of $10,000 per violation up to $50,000
- Tier 4: Minimum fine of $50,000 per violation up to $1,500,000
The penalties were capped at $1,500,000 for violations of an identical provision in a calendar year, and all penalties are subject to annual increases in line with inflation. OCR, like all other Executive Departments and Agencies, is required to apply annual increases to its penalty amounts. Each year, the Office of Management and Budget (OMB) issues a Memorandum that includes a multiplier for the annual adjustment.
All Executive Departments and Agencies are required to apply the multiplier by the specified date, which for the 2025 increase was January 17 last year. The HHS is often late in applying the annual adjustment to its penalties. The previous adjustment to the penalty amounts was applied on August 8, 2024. While the 2025 adjustment was due to be applied by January 17, 2025, it was not applied until January 28, 2026, more than a year late. OMB has yet to announce the inflation multiplier for 2026.
The new penalty amounts are effective from the date of publication in the Federal Register. If the violation occurred before November 2, 2015, or a penalty was assessed before September 6, 2016, the pre-adjustment civil penalty amounts in effect before September 6, 2016, will apply.
2025 Penalties for HIPAA Violations
| Penalty Tier | Minimum Penalty | Maximum Penalty | Annual Penalty Cap |
| --- | --- | --- | --- |
| Did Not Know | $145 | $73,011 | $2,190,294 |
| Reasonable Cause | $1,461 | $73,011 | $2,190,294 |
| Willful Neglect (Corrected within 30 days) | $14,602 | $73,011 | $2,190,294 |
| Willful Neglect (Not corrected) | $73,011 | $2,190,294 | $2,190,294 |
While these are the official penalty amounts, OCR has not rescinded its 2019 Notice of Enforcement Discretion. In 2019, OCR reviewed the text of the HITECH Act and determined there had been a misinterpretation. OCR issued a Notice of Enforcement Discretion, lowering the maximum penalties and annual caps in three of the four penalty tiers. The effective penalties for HIPAA violations, per the Notice of Enforcement Discretion, are detailed in the table below. OCR can rescind the Notice of Enforcement Discretion at any point, but cannot change the penalties detailed in the table above without further rulemaking.
| Penalty Tier | Minimum Penalty | Maximum Penalty | Annual Penalty Cap |
| --- | --- | --- | --- |
| Did Not Know | $145 | $36,505.50 | $36,505.50 |
| Reasonable Cause | $1,461 | $73,011 | $146,053 |
| Willful Neglect (Corrected within 30 days) | $14,602 | $73,011 | $365,052 |
| Willful Neglect (Not corrected) | $73,011 | $2,190,294 | $2,190,294 |
Penalties for Violations of the Part 2 Regulations
Violations of the Part 2 regulations are now enforced by OCR, following the update to the Part 2 regulations to align them more closely with HIPAA. While violations are penalized with the same penalty structure as HIPAA, the penalties are not the same. OCR has taken the starting point to be the penalty amounts stipulated by the HITECH Act of 2009, rather than the current penalty amounts for HIPAA violations, which have increased annually in line with inflation since 2009. As such, violations of the Part 2 regulations are penalized less severely than violations of the HIPAA Rules, despite Part 2-covered data being considered more sensitive. Per the recent publication in the Federal Register, the penalties for violations of the Part 2 regulations are as follows.
| Penalty Tier | Minimum Penalty | Maximum Penalty | Annual Penalty Cap |
| --- | --- | --- | --- |
| Did Not Know | $103 | $51,299 | $1,538,970 |
| Reasonable Cause | $1,026 | $1,538,970 | $1,538,970 |
| Willful Neglect (Corrected within 30 days) | $10,260 | $1,538,970 | $1,538,970 |
| Willful Neglect (Not corrected) | $51,299 | $1,538,970 | $1,538,970 |
The post HHS Applies Inflation Increase to Penalties for HIPAA Violations appeared first on The HIPAA Journal.