Compliance Program

OCR Civil Monetary Penalties (HIPAA)

HHS Office for Civil Rights' tiered CMP structure for HIPAA violations, with maximums adjusted annually for inflation.

1 min read · Last reviewed May 23, 2026

At a glance

Category
Compliance Program
Primary sources
1
Workspace handoff
compliance binder

Where this comes up

Compliance committees and practice managers operate at this level — written policy, workforce training, sanction policy, monitoring and auditing cadence, response and corrective action. The seven elements of an effective compliance program (OIG) are the scaffolding; this term lives somewhere on that scaffold.

Full definition

What it is in practice

HITECH Act established four tiers: Tier 1 (no knowledge), Tier 2 (reasonable cause), Tier 3 (willful neglect, corrected), Tier 4 (willful neglect, not corrected). Annual maximums are inflation-adjusted.

How it shows up in your practice

Most enforcement is settlement-driven (Resolution Agreements with Corrective Action Plans), not CMP. But the CMP tier structure frames every OCR negotiation.

Sources

Take it into the workspace

Document OCR exposure in the Compliance Binder

Open compliance binder
Authored by D3rx

D3rx is a healthcare-billing and compliance research aid maintained by D3rx Inc. Articles are drafted by an LLM (Anthropic Claude) against primary HHS, OCR, CMS, eCFR, NIST, and state-regulator publications, and reviewed for restraint and source fidelity by the D3rx team.

Reviewer status: a named credentialed reviewer (CHC, CHPC, or healthcare attorney) is being engaged. Until that engagement is finalized, this page does not claim credentialed review.

This glossary entry is a research aid for billing and compliance staff. It does not provide legal, medical, or financial advice and does not replace counsel. References cited link to primary sources at HHS, OCR, CMS, eCFR, NIST, and the relevant payer or industry body.