Failure to Comply

What Are the Consequences for Failing to Comply?

With HIPAA?

Employers and insurers that do not comply with HIPAA will face monetary penalties and lawsuits. When enforcement action is taken against a plan, the employer sponsoring the plan generally is held responsible. HIPAA is jointly enforced by the IRS, the Department of Labor (DOL), and the Department of Health and Human Services (HHS).

The IRS may assess an excise tax penalty for a group health plan’s failure to furnish certificates and for other failures to comply with HIPAA’s PCE, special enrollment, and nondiscrimination requirements. The excise tax amount is $100 per day of noncompliance for each individual to whom the failure relates. The penalty is imposed on the sponsoring employer.
The DOL is actively auditing plans for compliance with HIPAA’s PCE, special enrollment, and nondiscrimination requirements, and it may bring a civil action against an employer or insurance issuer to enforce these requirements.
HHS can impose civil penalties for violation of HIPAA’s administrative simplification (including privacy) provisions of up to $100 per violation, with the total amount imposed on a person for all violations of an identical requirement during a calendar year not to exceed $25,000. The maximum relates to each separate type of violation, and compliance failures most likely would involve numerous HIPAA provisions. HHS also enforces the HIPAA requirements that apply to insurance issuers.
Criminal penalties may apply if a person knowingly uses or discloses individually identifiable health information in violation of HIPAA.

In addition, plan participants and beneficiaries may be able to bring private lawsuits to enforce HIPAA’s PCE, special enrollment, and nondiscrimination provisions. Anyone can file a complaint with HHS if they believe that an entity is not complying with HIPAA’s privacy or security requirements.

With COBRA?

Failure to comply with COBRA can lead to significant financial consequences. Different consequences flow from different compliance failures, and, of course, the amount of possible damages awarded in any particular case will depend on the circumstances of the qualified beneficiary (or beneficiaries). But all of the following consequences can arise from a COBRA compliance failure:

Excise tax penalties may be assessed by the IRS (up to $200 per day) for each day on which a plan fails to comply with COBRA.
Statutory penalties of $110 per day may be recovered (by qualified beneficiaries) for failure to provide initial and election notices under COBRA.
Qualified beneficiaries may sue to recover COBRA coverage (such suits carry the potential for large damages, which, in the case of an insured plan, may not be covered by the plan’s insurance).
Failure to provide adequate initial and election notices can create exposure to “other relief,” which might include damages for such things as a worsening of a qualified beneficiary’s medical condition due to failure to provide an adequate COBRA notice.
In COBRA lawsuits, the court is permitted to award attorneys’ fees and interest to the prevailing party.

If you have any questions about or need assistance with anything in this document please do not hesitate to contact the TCO Compliance Officer at complianceofficer@tboiservices.com.