Directory  |  Calendar  |  Forms  |  Contact Us  |  Login

HIPAA Compliance Kit

HIPAA Articles

HIPAA Links

More Resources

HIPAA Enforcement Fact Sheet

CMS has been designated by the Secretary of HHS to enforce the HIPAA administrative simplifications provisions, with the exception of the privacy standards. This includes transactions and code sets, security and identifiers. CMS will also continue to enforce the insurance portability provisions under Title I of HIPAA.

In order to perform these duties CMS will create a new office within the agency to focus on HIPAA activities. This office will establish and operate enforcement processes, develop regulations related to HIPAA standards, and conduct outreach activities to HIPAA covered entities. The office will report directly to the deputy administrator.

The enforcement process will be primarily complaint-driven. The focus of enforcement activities will be to obtain voluntary compliance through technical assistance. The process will be progressive, affording a covered entity against whom a complaint has been filed opportunities to demonstrate compliance or to develop a corrective action plan.

Privacy enforcement will be the responsibility of the HHS Office for Civil Rights, and the two agencies will work together to address common issues.

Penalties:

Key HIPAA Dates: