Summary

Description

On February 16, 2006, the Department of Heath and Human Services (HHS) published a final rule which details the bases and procedures for imposing civil money penalties on covered entities that violate any of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification Rules. The Centers for Medicare and Medicaid Services (CMS) has authority to investigate complaints of non-compliance related to all of the HIPAA regulations except the Security Rule or the Privacy Rule. The regulations for which CMS has enforcement authority include, the Transactions and Code Sets (TCS), the National Employer Identifier Number (EIN), and the National Provider Identifier (NPI). Enforcement authority for the HIPAA Security and Privacy Rules is held by the Office for Civil Rights (OCR).