FREE HIPAA PENALTY CALCULATOR

Estimate the OCR fine range
for a HIPAA violation.

Penalty figures verified against the 2026 HHS Annual Civil Monetary Penalty Inflation Adjustment, codified at 45 CFR 160.404. Estimates are illustrative and do not constitute legal advice. The actual amount imposed by OCR depends on factors including violation count, harm caused, prior compliance history, and ability to pay.

STEP 1 OF 2

Tell us about the violation.

Tap the tier that best describes the violation. Most small practice cases fall into Tier 2 or Tier 3.
Each individual whose information was affected may count as a separate violation. For unsecured PHI breaches, this is typically the number of records exposed.
Used to gauge whether the calendar-year cap of $2,190,294 is likely to be reached.

YOUR ESTIMATED PENALTY RANGE

$0 to $0per violation, before annual cap

Total estimated low

$0

Total estimated high

$0

Calendar year cap (2026)

$2,190,294

Tier selected

Tier 1

This is an estimate, not a quote. Actual penalties imposed by OCR are determined by the agency and depend on factors including violation count, severity, harm to individuals, prior compliance history, willful neglect determination, and the entity's ability to pay. Settlements often involve resolution agreements with corrective action plans rather than maximum penalties.

Get a $750 Privacy Exposure Review View HIPAA Risk Analysis

SOURCES AND METHODOLOGY

All penalty figures are pulled directly from the 2026 HHS Annual Civil Monetary Penalty Inflation Adjustment, published in the Federal Register on January 28, 2026 (Document Number 2026-01688). The four-tier structure is established by Section 1176 of the Social Security Act as amended by the HITECH Act of 2009 and codified at 45 CFR 160.404. Annual adjustments are required by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015. View the source document on the Federal Register.