Directory  |  Calendar  |  Forms  |  Contact Us  |  Login

HIPAA Compliance Kit

HIPAA Articles


More Resources

CMS Named To Enforce HIPAA Transaction and Code Set Standards

HHS Office for Civil Rights To Continue To Enforce Privacy Standards

HHS Secretary Tommy G. Thompson announced today that the Centers for Medicare & Medicaid Services (CMS) will be responsible for enforcing the transaction and code set standards that are part of the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

"HIPAA administrative simplification is going to streamline and standardize the electronic filing and processing of health insurance claims, save money and provide better service for providers, insurers and patients," Thompson said.

"To accomplish this will require an enforcement operation that will assure compliance and provide support for those who file and process health care claims and other transactions," Thompson said.  "CMS is the agency best able to do this."

CMS will continue to enforce the insurance portability requirements of HIPAA.  The HHS Office for Civil Rights (OCR) will enforce the HIPAA privacy standards.  CMS and OCR will work together on outreach and enforcement and on issues that touch on the responsibilities of both organizations - such as application of security standards or exception determinations.
Ruben J. King-Shaw Jr., CMS deputy administrator and chief operating officer, said CMS will create a new office to bring together its responsibilities under HIPAA, including enforcement.

"Concentrating these CMS responsibilities in a new office with a single mission will give us the most efficient operation possible, while providing strong support for all our partners in the health care community," King-Shaw said.

The new CMS office will establish and operate enforcement processes and develop regulations related to the HIPAA standards for which CMS is responsible.  These standards include transactions and code sets, security, and identifiers for providers, insurers and employers for use in electronic transactions.  The office will report directly to the deputy administrator.

The office also will conduct outreach activities to HIPAA covered entities such as health care providers and insurers to make sure they are aware of the requirements and to help them comply.

Federal law requires most health plans, clearing houses, and those providers that conduct certain transactions electronically to be compliant with the HIPAA transactions standards by Oct. 16, 2002 , unless they file on or before Oct. 15 for a one-year extension.  Those who are not compliant and have not filed for the extension may be subject to statutory penalties.
(The law gives certain small health plans until Oct. 16, 2003 to comply). 

Enforcement activities will focus on obtaining voluntary compliance through technical assistance.  The process will be primarily complaint driven and will consist of progressive steps that will provide opportunities to demonstrate compliance or submit a corrective action plan.

A fact sheet summarizing the administrative simplification standards required by HIPAA is available at .  More detailed information about the standards is available at .