Enforcement and Compliance Overview
Guidance for CMS enforcement and compliance overview.
Issued by: Centers for Medicare & Medicaid Services (CMS)
Issue Date: August 10, 2020
HIPAA Administrative Simplification Enforcement Rule
CMS is charged on behalf of HHS with enforcing compliance with adopted Administrative Simplification requirements. Enforcement activities include:
- Educating health care providers, health plans, clearinghouses, and other affected groups, such as software vendors
- Solving complaints
- Conducting proactive compliance audits
Compliance with the adopted Administrative Simplification standards and operating rules can benefit organizations across the health care industry by streamlining electronic transactions and saving time and money.
On February 16, 2006, the Department of Health and Human Services (HHS) published the HIPAA Enforcement Rule. The rule details the procedures and amounts for imposing civil money penalties on covered entities that violate any HIPAA Administrative Simplification requirements.
Effective February 18, 2009, Section 13410(d) of the HITECH Act revised section 1176(a) of the Social Security Act to change the amounts of civil money penalties that may be assessed for unresolved HIPAA violations.
Authority
CMS under the Secretary’s authority granted to HHS has the authority to investigate HIPAA transaction complaints and conduct compliance reviews for:
CMS’s enforcement authority covers the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and subsequent legislation.
CMS authority does not extend to the HIPAA Security Rule and the Privacy Rule. The HHS Office for Civil Rights (OCR) manages complaints related to privacy and security.
Pages in Enforcement and Compliance:
Keep Up to Date!
Sign up for Administrative Simplification Email Updates and follow us on Twitter, and check out our Resources and FAQs.
HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.
DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.