Effective April 23, 2019, the Office of Civil Rights (OCR) has reduced the annual aggregate HIPAA penalty caps for covered entities and business associates.
The penalty drop seems to align with the different levels of culpability for each tier.
The penalty cap reduction is favorable for providers – and it is not surprising, as the OCR has a strong record of relating to healthcare providers in their struggle to implement HIPAA. But, the cap reduction does not mean providers should put HIPAA efforts on the back burner. HIPAA enforcement is still at a record high, and providers and business associates who encounter a breach can – regardless of the new caps – face crippling fines, embarrassing news coverage, and loss of patient trust.