The U.S. Department of Health and Human Services (HHS) has increased civil monetary penalties for violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules for 2026. These inflation-adjusted penalties reinforce the importance of strong compliance practices for employers sponsoring group health plans.
| TIER | VIOLATION | MINIMUM PENALTY PER VIOLATION |
|---|---|---|
| Tier 1 – Lack of knowledge | Violations the organization was unaware of and could not have reasonably avoided | $145 |
| Tier 2 – Reasonable cause | Violations due to reasonable cause, not willful neglect | $1,461 |
| Tier 3 – Willful neglect (Corrected within 30 days) | Violations due to willful neglect that are corrected within the required timeframe | $14,602 |
| Tier 4 – Willful neglect (Not corrected) | Violations due to willful neglect that are not corrected | $73,011 |