Centers for Medicare & Medicaid Services (CMS)
Office of E-Health Standards and Services (OESS)
H IPAA Non-Privacy Enforcement Information
Please read the following before filing a complaint with OESS.
The Department of Health and Human Services (HHS) delegated authority to Centers for Medicare & Medicaid Services (CMS) for enforcement of HIPAA Administrative Simplification regulations for Transactions and Code Sets, Unique Identifiers, and Security Standards. Specifically, the Office of E-Health Standards and Services (OESS), a CMS office, has the authority to investigate complaints of noncompliance with, and to make decisions regarding the interpretation, implementation, and enforcement of the HIPAA regulations except the Privacy Rule. Within CMS, OESS operates as a separate entity from CMS' Medicare and Medicaid related activities.
T
IMPORTANT:
This
form cannot be used for HIPAA Privacy complaints. Please refer
privacy complaints to the Office for Civil Rights at 1-800-368-1019
or visit their website:
Complaints to OESS must: (1) be filed in writing either on paper or electronically; (2) describe the acts or omissions believed to be in violation of the applicable administrative simplification provisions; (3) provide contact information, including name, address, and telephone number, for the complainant and the covered entity that are the subject of the complaint; (4) be filed within 180 days of when the complainant knew or should have known that the act or omission that is the subject of the complaint occurred. CMS may waive this time limit for good cause shown. OESS developed a paper complaint form to assist those interested in submitting a paper complaint. If you have Internet access, OESS strongly encourages you to use the Administrative Simplification Enforcement Tool (ASET) – a web based complaint submission system that located at https://htct.hhs.gov. ASET allows the user to file a complaint, upload files to support the complaint, and update the complaint during an investigation. Please note that OESS does not accept complaints filed via fax or email to ensure privacy of the information within the complaint. Mail completed forms to:
Centers for Medicare &
Medicaid Services
HIPAA Enforcement Activities
P.O. Box
8030
Baltimore, Maryland 21244-8030
A person who believes that a covered entity is not complying with the applicable administrative simplification provisions may file a complaint with CMS. OESS encourages voluntary compliance and requests that attempts be made to resolve disputes by working with the covered entity and/or consulting various HIPAA resources. For technical assistance on specific Transactions and Code Set issues, refer to the official HIPAA Implementation Guides available for download at the Washington Publishing Company website at www.wpc-edi.com. The Implementation Guides for the National Council for Prescription Drug Programs’ (NCPDP) retail pharmacy transactions are available at www.ncpdp.org.
Who can file a HIPAA Non-Privacy complaint?
Anyone can file a HIPAA Non-Privacy complaint. However, if you have questions, concerns, or would like clarification on HIPAA related issues, you should contact OESS for help. See our website for additional information at www.cms.hhs.gov/hipaa.
File Type | application/msword |
File Title | Please read the following before filing a complaint with OHS |
Author | CMS |
Last Modified By | CMS |
File Modified | 2006-11-29 |
File Created | 2006-11-29 |