For those not aware, the federal government's penalties are adjusted with inflation. The graphic below is a snippet from the 2020 Federal Register and updates the maximum penalty a Covered Entity or Business Associate may pay per violation. To be clear, each patient record or day a CE or BA is not in compliance may be judged as an individual violation. Judges have imposed civil monetary penalties based on the number of days a company was non-compliant, so this point isn't "just in theory".
Stay (HIPAA) safe,