Enforcement and Compliance Overview
New: Compliance Review Program
The CMS Division of National Standards, on behalf of HHS, is launching the Compliance Review Program to ensure compliance among covered entities with HIPAA Administrative Simplification rules for electronic health care transactions.
In April 2019, HHS will randomly select 9 HIPAA-covered entities—a mix of health plans and clearinghouses—for Compliance Reviews. Any health plan or clearinghouse—not just those who work with Medicare or Medicaid—may be selected. In 2018, HHS piloted the program with health plan and clearinghouse volunteers to streamline the compliance review process and identify any system enhancements. In 2019, providers will be able to participate in a separate
Watch the new CMS video about the Compliance Review Program to learn why compliance reviews are important for the health care industry and how they will be conducted.
More information on the Compliance Review Program:
- Compliance Review Program Information Bulletin
- Optimization Pilot Information Bulletin
- What to Expect Q&A
- Prep Steps
New: Provider Pilot Program
The CMS Division of National Standards, on behalf of HHS, is launching a volunteer Provider Pilot Program to test the compliance review process and to gain insight on compliance with HIPAA Administrative Simplification rules among providers. This follows a successful pilot program for health plans and clearinghouses completed in 2018.
In April 2019, HHS will select 3 health care providers from the pool of volunteers to participate.
Learn more about the Provider Pilot Program and how to participate:
To volunteer to participate, email AdministrativeSimplification@cms.hhs.gov by April 24.
ASETT - Administrative Simplification Enforcement and Testing Tool - Now on the Salesforce Cloud
ASETT allows you to:
- Test your transactions
- Test your trading partners’ transactions
- File complaints
- Track your complaint status
The web-based tool has been updated to offer easier navigation, new features, improved reporting, and greater security.
HIPAA Administrative Simplification Enforcement Rule
CMS is charged on behalf of HHS with enforcing compliance with adopted Administrative Simplification requirements. Enforcement activities include:
- Educating health care providers, health plans, clearinghouses, and other affected groups, such as software vendors
- Solving complaints
- Conducting proactive compliance audits
On February 16, 2006, the Department of Health and Human Services (HHS) published the HIPAA Enforcement Rule.
The rule details the procedures and amounts for imposing civil money penalties on covered entities that violate any HIPAA Administrative Simplification requirements.
Effective February 18, 2009, Section 13410(d) of the HITECH Act revised section 1176(a) of the Social Security Act to change the amounts of civil money penalties that may be assessed for unresolved HIPAA violations.
Authority
CMS, under the Secretary’s authority granted to HHS, has the authority to investigate HIPAA transaction complaints and conduct compliance reviews for:
CMS’s enforcement authority covers the Administrative Simplification provisions of the:
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Patient Protection and Affordable Care Act of 2010 (ACA)
CMS authority does not extend to the HIPAA Security Rule and the Privacy Rule. The HHS Office for Civil Rights (OCR) manages complaints related to privacy and security.
- Page last Modified: 04/10/2019 1:41 PM