CMS-10662 Corrective_Action_Followup_Letter_508

DEPARTMENT OF HEALTH & HUMAN SERVICES
Centers for Medicare & Medicaid Services
7500 Security Boulevard, Mail Stop S2-26-17
Baltimore, Maryland 21244-1850
Corrective Action Follow up Letter
Date of Notice: FULLDATE
CONTACTNAME
JOBTITLE
CENAME
ADDRESS1
ADDRESS2
CITY, ST ZIP
Re: Corrective Action Number XXXXX
Dear TITLE LASTNAME:
In a Corrective Action notice dated (month, day, year), we informed you that the Department of
Health and Human Services (HHS), Division of National Standards (DNS) within the Centers for
Medicare & Medicaid Services’ (CMS), initiated a corrective action based on HIPAA violations
discovered during the  2017 assessment. In that notice, we requested
that you provide a Corrective Action Plan (CAP) that addresses the violations by (month, day,
year). To date, this office has not received a CAP, or a completed CAP, from .
Please submit a completed CAP by (month, day, year) to the HIPAA mailbox at
[email protected], or submit it to the Division of National Standards, at:
Centers for Medicare & Medicaid Services
HIPAA Enforcement
Attn: Division of National Standards
P.O. Box 8030
Baltimore, MD 21244-8030
Failure to provide a completed CAP will be considered willful neglect and may result in the
imposition of civil money penalties.
If you have any questions about this letter, please contact (contact name) at
[email protected], or 555-555-5555. When contacting this office, please include the
corrective action number located at the top of this letter.

Sincerely,
Madhu Annadata, Director
Division of National Standards
Office of Information Technology
cc:
Contact Name

In accordance with the Paperwork Reduction Act (1995), no persons are required to respond to a collection of information, unless it
displays a valid Office of Management and Budget (OMB) control number. The valid OMB control number for this information
collection is 0938-XXXX (Expires XX/XX/XXXX). The time required to complete this information collection is estimated to average
[10 hours] per response (4 forms x 60 minutes/form), including the time to review instructions, search existing data resources,
gather the data needed, and complete and review the information collection. If you have comments concerning the accuracy of the
time estimate(s) or suggestions for improving this form, please write to:
Centers for Medicare & Medicaid Services
Attn: PRA Reports Clearance Officer, Mail Stop C4-26-05
7500 Security Boulevard
Baltimore, Maryland 21244-1850
Please do not send applications, claims, payments, medical records or any documents containing sensitive information to the PRA
Reports Clearance Office. Any correspondence not pertaining to the information collection burden approved under the associated
OMB control number listed on this form will not be reviewed, forwarded, or retained. If you have questions or concerns regarding
where to submit your documents, please contact: Cecily Austin at [email protected] or Kevin Stewart at
[email protected] .

CAP Template
Assessed Entity Name:

Submitted by (Name):

Phone Number:

Corrective Action Number:

Submission Date:

Email Address:

Violation Description from Notice
1.
2.
3.
4.
5.
6.

Root Cause of Violation (Optional)

Notes/Comments

Major Milestones

Example: code updates
1.
2.
3.
4.
5.
6.

Planned Start
Date
01/01/17

Planned
Completion
Date
01/10/17

Responsible Party or Position

Developers

*For DNS Official Use Only*
Assessor 1 Signature: _________________________________
Assessor 1
Approval Date: _______________________________
Month Day Year