The federal Department of Health and Human Services recently released new inflation-adjusted penalty amounts for various federal requirements that impact employers who offer group health insurance coverage and health insurance issuers. The new fine levels relate to compliance with the Health Insurance Portability and Accountability Act’s (HIPAA) privacy and data security requirements, various Affordable Care Act (ACA) requirements, and the Medicare secondary payer rules.

HIPAA Privacy and Data Security Rules

Group health plans, health insurance issuers, and other entities that are covered entities according to HIPAA or business associates of covered entities will now face higher penalty levels for fines that are assessed on or after October 6, 2023. The new penalty levels are as follows:

Affordable Care Act Requirements

The ACA includes numerous requirements for group health insurance plan sponsors and health insurance issuers. The maximum penalties for the following requirements will increase in 2024 as follows:

Medicare Secondary Payer Rules

If an employer with 20 or more employees offers group health insurance coverage, then that health coverage is primary to Medicare if a Medicare beneficiary is enrolled in the group plan. Federal rules prohibit group health plan sponsors from trying to convince people who are both eligible for the group plan and Medicare to decline group coverage in favor of Medicare. For 2024, the maximum penalties associated with such actions will be:

HHS RELEASES NEW FINE STRUCTURES