Issued by: Centers for Medicare & Medicaid Services (CMS)

Issue Date: August 02, 2020

The Centers for Medicare & Medicaid Services (CMS), on behalf of HHS, has authority to investigate complaints of non-compliance related to all of the HIPAA regulations except the Security Rule and Privacy rules, which are enforced by the Office of Civil Rights (OCR).  The regulations for which CMS has enforcement authority include: the Transactions and Code Sets (TCS); the National Employer Identifier Number (EIN); the National Provider Identifier (NPI); and the Operating Rules (OPR).   

Please view the below-revised report(s) that provide statistics on complaint types submitted by covered entities, violations based on the type of transaction, and resolution time frames. Moving forward, CMS is publishing its complaint reports on a quarterly basis. We welcome your feedback/comments on the information provided in the complaint reports. To share your comments, contact AdministrativeSimplification@cms.hhs.gov.

 

HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.

DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.