The Centers for Medicare & Medicaid Services (CMS) has authority to investigate complaints of non-compliance related to all of the HIPAA regulations except the Security Rule or the Privacy Rule.  The regulations for which CMS has enforcement authority include: the Transactions and Code Sets (TCS); the National Employer Identifier Number (EIN); and the National Provider Identifier (NPI).  CMS' enforcement authority does not extend to the HIPAA Security or Privacy Rules; which are enforced by the Office for Civil Rights (OCR).  Please note that from 2003 through the summer of 2009, CMS did have authority to enforce the Security Rule.  On July 27, 2009, the Secretary of Health and Human Services (HHS) issued a delegation that transferred the authority to administer and enforce the Security Rule from CMS to the Office for Civil Rights (OCR). 

To view the chart that reflects the type and number of cases CMS is investigating, please see the link in the Download section below.

Downloads
EnforcementData0909 [PDF, 36KB] EnforcementData0809 [PDF, 36KB] EnforcementData0709 [PDF, 23KB] EnforcementData0609 [PDF, 23KB] EnforcementData0509 [PDF, 23KB] EnforcementData0409 [PDF, 23KB] EnforcementData0309 [PDF, 23KB] EnforcementData0209 [PDF, 23KB] EnforcementData0109  [PDF, 23KB] EnforcementData2008[ZIP, 177KB]
Related Links Inside CMS
There are no Related Links Inside CMS
Related Links Outside CMS
There are no Related Links Outside CMS

Page Last Modified: 10/14/2009 3:55:22 PM
Help with File Formats and Plug-Ins