Full Text

The Centers for Medicare and Medicaid Services has published a notice describing its procedures for handling complaints of noncompliance with rules under the HIPAA administrative simplification provisions. The notice is available in the March 25 Federal Register, at gpoaccess.gov/fr/index.html. The notice covers complaints about non-compliance with the transactions and code sets, national employer identifier, data security, national provider identifier and national plan identifier rules. The centers will not accept complaints until on or after the compliance date of the rule in question. Compliance dates have passed for the transactions and employer identifier rules. In the newly published procedures, the centers reaffirms it will work with covered entities to obtain voluntary compliance with a HlPAA rule. If a covered entity in violation fails to become compliant in a timely manner, the department will pursue other options, such as civil fines. The Department of Health and Human Services' Office for Civil Rights is responsible for enforcing the privacy rule and has its own procedures for investigating complaints.