Common Violations That Lead to CMS Fines

Best PracticesAugust 15, 20256 min read

Based on analysis of over 300 CMS enforcement actions, we've identified the most common violations that lead to civil monetary penalties. Understanding these patterns can help your hospital avoid costly mistakes.

1. File Not Accessible (45% of violations)

This is by far the most common and serious violation. It occurs when:

Causes:

  • 404 errors: File URL is broken or file was moved/deleted
  • Login requirements: File requires authentication to access
  • Paywalls or click-through agreements: Any barrier to direct access
  • Server errors: File exists but server returns errors
  • Robots.txt blocking: Technical restriction preventing access
  • IP restrictions: File only accessible from certain networks

Why It's Serious:

If CMS can't access your file, you're completely out of compliance. This triggers immediate enforcement action with minimal grace period.

Prevention:

  • Test file accessibility externally (not from hospital network)
  • Set up automated daily monitoring
  • Configure proper redirects if URLs change
  • Ensure web host doesn't add authentication requirements
  • Review robots.txt to ensure pricing files aren't blocked

2. Missing Required Data Elements (28% of violations)

Files exist and are accessible, but don't contain all required information.

Common Missing Elements:

  • Payer-specific negotiated rates: Must show actual rates for each payer/plan
  • De-identified minimum negotiated charge: Can't just show "varies"
  • De-identified maximum negotiated charge: Required for all items
  • Discounted cash price: Must be present for self-pay patients
  • Drug unit of measurement: Required for pharmacy items

Real Example:

A 200-bed hospital received $385,000 in penalties because their file showed gross charges but listed all payer-specific rates as "call for pricing." CMS requires actual dollar amounts.

Prevention:

  • Use CMS-provided JSON schema for validation
  • Review sample compliant files from CMS
  • Ensure your pricing system exports all required fields
  • Never use placeholder text like "varies" or "contact us"

3. Schema Validation Errors (18% of violations)

File exists but has technical/structural problems preventing machine readability.

Common Issues:

  • Invalid JSON syntax: Missing brackets, commas, quotes
  • Wrong data types: Text in numeric fields, numbers in text fields
  • Incorrect field names: Using non-standard field names
  • Malformed structure: Nesting elements incorrectly
  • Encoding issues: Special characters breaking JSON

Real Example:

A hospital's file used "price" instead of "standard_charge_dollar" and "insurance_company" instead of "payer_name." Despite containing the right data, non-standard field names made it non-compliant.

Prevention:

  • Use JSON validators before publishing
  • Follow CMS schema exactly—don't customize field names
  • Test parsing with JSON libraries
  • Validate with automated tools daily

4. Outdated Information (12% of violations)

File exists but contains old data or incorrect "last updated" dates.

What Triggers This:

  • Last_updated_on date over 12 months old: Minimum annual update required
  • Clearly outdated pricing: Rates that don't reflect current contracts
  • Inconsistent update dates: File claims recent update but data is old

Real Example:

Hospital's file showed last_updated_on as "2023-04-15" when checked in October 2024. Even though prices might have been current, the old date triggered enforcement.

Prevention:

  • Update files when payer contracts change (don't wait for annual deadline)
  • Automate the last_updated_on field to use current date
  • Document all updates and maintain change logs
  • Set calendar reminders for annual updates at minimum

5. Missing Hospital Metadata (8% of violations)

File lacks required identifying information about the hospital.

Required Metadata:

  • Hospital name (full legal name)
  • Hospital location (city, state, zip)
  • License information (state license number)
  • Hospital type
  • Last updated date
  • Version number (recommended)

Why It Matters:

CMS needs to verify the file corresponds to the correct hospital. Missing metadata makes verification impossible.

Prevention:

Include complete header information in every file:

{
  "hospital_name": "Example Hospital",
  "hospital_location": ["San Francisco, CA"],
  "hospital_address": "123 Main Street, San Francisco, CA 94102",
  "license_number": "12345",
  "last_updated_on": "2025-10-01",
  "version": "1.0.0"
}

6. Incomplete Item Descriptions (5% of violations)

Items listed with unclear or missing descriptions.

Problems:

  • Billing codes only (no plain language description)
  • Vague descriptions ("Procedure", "Service")
  • Missing code information entirely

CMS Requirement:

Each item needs both a plain language description AND appropriate billing code (CPT, HCPCS, DRG, etc.).

Good Example:

{
  "description": "Emergency Department Visit - Level 3 (Moderate Complexity)",
  "code": [{
    "type": "CPT",
    "code": "99283"
  }]
}

Bad Example:

{
  "description": "ED Visit",
  "code": "99283"
}

7. Incorrect File Format (4% of violations)

File is in wrong format or improperly structured.

Common Mistakes:

  • PDF instead of machine-readable: Human-readable PDFs don't meet the requirement
  • Excel/CSV without proper structure: Must follow schema even in CSV
  • HTML tables: Not acceptable as machine-readable format
  • Compressed files requiring special tools: File should be directly accessible

Acceptable Formats:

  • JSON (recommended)
  • CSV with proper column headers
  • XML (less common)

How to Avoid These Violations

Implement Daily Monitoring

Don't check compliance monthly or quarterly. Issues can emerge anytime:

  • Website updates may break file URLs
  • Server changes may block access
  • File corruption can occur during updates

Use Automated Validation

Manual checks miss subtle issues. Automated tools catch:

  • Accessibility problems
  • Schema validation errors
  • Missing required fields
  • Data quality issues

Document Your Process

Maintain records showing:

  • When files were last updated and by whom
  • Validation testing results
  • Issue discovery and resolution timelines
  • Communications with vendors/IT

Assign Clear Responsibility

Someone must own this compliance requirement:

  • Monitor file status daily
  • Coordinate updates when needed
  • Respond to alerts immediately
  • Track regulatory changes

Real Cost Examples

These violations aren't theoretical. Here are actual penalty amounts from CMS enforcement actions:

  • Hospital A: $2.1M - File inaccessible for 382 days before discovery
  • Hospital B: $847K - Missing payer-specific rates (154 days)
  • Hospital C: $495K - Outdated file with 18-month-old data (90 days)
  • Hospital D: $385K - Schema validation errors (70 days)

In each case, the hospital didn't realize they had violations until CMS sent a warning letter. By then, penalties had already accumulated for weeks or months.

Take Action Now

Review your current price transparency files today:

  1. Test accessibility: Try accessing from external network
  2. Validate structure: Run through JSON validator
  3. Check completeness: Verify all required fields present
  4. Confirm currency: Ensure last_updated_on is recent
  5. Review descriptions: Make sure all items clearly described

Don't wait for CMS to tell you there's a problem. By then, it may have already cost you hundreds of thousands in penalties.

← Back to all articles

Stay Compliant with HealthPriceWatch

Avoid costly CMS penalties with automated daily compliance monitoring. Get alerted to issues before CMS does.

Start Your Free Audit