U.S. Health and Human Services Secretary Alex Azar. Photo: Alex Wong/Getty Images
The Department of Health and Human Services reduced its fines for violations of HIPAA, the law requiring health care industries to protect customer data, according to a notice this week in the Federal Register.
Driving the news: The new rules reduce a maximum fine of $1.5 million to a maximum fine of $250,000.
- HHS claims the changes in fines reflect a better reading of the law.
- The law is ambiguous and poorly written, supporting both the new and old readings of the law, said Jon Moore, senior vice president and chief risk officer at Clearwater Compliance, a company that helps customers comply with HIPAA.
Details: The changes in fees may fundamentally alter how companies approach compliance fines, said Moore.
- Investigations into HIPAA fines can take years.
- "Most organizations who are investigated don’t end up paying penalties. Or they settle and enter a corrective action plan," he said. "But that might change. An organization may say 'I’d rather pay [the lowest-tier fine of] $25,000 than be investigated for years.'"
What to watch: It's hard to say whether the changes will increase or decrease compliance with the law. It's now less costly not to comply. But by decreasing the penalty for organizations that comply with the law but still suffer a breach, the changes also make complying more attractive.
Go deeper: Alexa adds new functionalities to comply with HIPAA