Feb 09, 2026
HHS Releases 2025 Civil Monetary Penalties in 2026
Category:
Compliance Bulletins
On January 26, 2026, the Department of Health and Human Services (“HHS”) issued final rules adjusting civil monetary penalties for inflation.
The adjusted penalties are applicable to penalties assessed on or after January 28, 2026, if the violation occurred on or after November 2, 2015.
Updated Penalties
The following chart contains penalties related to failures under HIPAA Privacy and Security, failures to provide summary of benefits and coverage, and Medicare Secondary Payer (“MSP”) rules applicable to group health plans:
| Description | 2024 Penalty (Prior) | 2025 Penalty (New) |
|---|---|---|
| Pre-February 18, 2009 violation of HIPAA administrative simplification provisions | $193 per violation $48,586 annual cap |
$198 per violation $49,848 annual cap |
| February 18, 2009 or later violation of HIPAA administrative simplification provision without knowledge | $141 min. $71,162 max. $2,134,831 annual cap |
$145 min. $73,011 max. $2,190,294 annual cap |
| February 18, 2009 or later violation of HIPAA administrative simplification provision with reasonable cause and not to willful neglect | $1,424 min. $71,162 max. $2,134,831 annual cap |
$1,461 min. $73,011 max. $2,190,294 annual cap |
| February 18, 2009 or later violation of HIPAA administrative simplification provision due to willful neglect AND corrected during 30-day period | $14,232 min. $71,162 max. $2,134,831 annual cap |
$14,602 min. $73,011 max. $2,190,294 annual cap |
| February 18, 2009 or later violation of HIPAA administrative simplification provision due to willful neglect AND NOT corrected during 30-day period | $71,162 min. $2,134,831 max. $2,134,831 annual cap |
$73,011 min. $2,190,294 max. $2,190,294 annual cap |
| Failure to provide the Summary of Benefits and Coverage (“SBC”) | $1,406 per day | $1,443 per day |
| Penalty for an employer or other entity to offer financial or other incentive to individual entitled to Medicare/Medicaid benefits not to enroll under a group health plan that would be primary | $11,524 | $11,823 |
| Penalty for entity serving as insurer, TPA, or fiduciary for a group health plan that fails to provide information to HHS Secretary identifying when the GHP was primary payer to Medicare | $1,474 | $1,512 |
Employer Action
- Covered entities (health plans, health care clearinghouses, and health care providers) must ensure proper application and compliance with HIPAA’s Privacy and Security Rules.
- Employers should avoid using incentives to discourage Medicare/Medicaid eligible employees from enrolling in the employer’s health plan.
- Employers should be aware of the SBC disclosure requirement and ensure employees receive SBCs in a timely fashion (e.g., in connection with open enrollment).
This document is designed to highlight various employee benefit matters of general interest to our readers. It is not intended to interpret laws or regulations, or to address specific client situations. You should not act or rely
on any information contained herein without seeking the advice of an attorney or tax professional. © My Benefit Advisor. All Rights Reserved. CA Insurance License #0G33244
Additional Info
Categories
Contact Us
Our Advisors offer in-depth analysis and are ready to help you successfully navigate employee benefits and health insurance.
Our website uses cookies. Click here to view our privacy policy.