Form CMS-10148 HIPAA Administrative Simplification (Non-Privacy) Compla

0938-0948 (Expires xx/xx/xxxx)
Centers for Medicare & Medicaid Services

HIPAA ADMINISTRATIVE SIMPLIFICATION (NONPRIVACY/SECURITY) COMPLAINT FORM
IMPORTANT: This form cannot be used for HIPAA Privacy or Security complaints. Please direct privacy/security
complaints to the Office for Civil Rights at (800) 368-1019 or visit their website: www.hhs.gov/ocr/hipaa
If you have general questions regarding HIPAA, please consult the CMS website at
https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACUA
SELECT COMPLAINT TYPE(S)
o TRANSACTIONS
Select if a covered entity is in violation of the following transactions; claims and encounter information,
payment and remittance advice, claims status, eligibility, enrollment and disenrollment, referrals
and authorizations, coordination of benefits and premium payment.
o CODE SETS
Select if a covered entity is in violation of the following Code Sets: HCPCS (Ancillary Services/Procedures),
2021 CPT (Physicians Procedures), CDT (Dental Terminology), ICD-10, and NDC (National Drug Codes)
codes with which providers and health plans are familiar. These are the adopted code sets for procedures,
diagnoses, and drugs.
o UNIQUE IDENTIFIERS
Select if a covered entity is in violation of the following Unique Identifiers: National Provider Identifier (NPI),
or Employer Identification Number (EIN).
o OPERATING RULES
Select if a covered entity is suspected of being in violation of any of the adopted Operating Rules: Eligibility
for a Health Plan and Claims Status, and Electronic Funds Transfer and Remittance Advice.
https://www.caqh.org/core/operating-rules

1

Centers for Medicare & Medicaid Services (CMS)

HIPAA ADMINISTRATIVE SIMPLIFICATION (NON-PRIVACY/SECURITY) COMPLAINT FORM
COMPLAINANT DETAILS
*Mandatory fields to be filled in
Would you like to remain anonymous?*
○ YES
○ NO
If you select yes, please note CMS will not share information with the Filed Against Entity (FAE) during the
investigation process. However, information provided in this complaint is subject to rules and policy under
Freedom of Investigation Act (FOIA).
Complainant Organization Name*:
Complainant Organization Type:
Complainant Organization Role:
Complainant Organization Phone Number*:
Complainant Title*:
Complainant First Name*:
Complainant MI:
Complainant Last Name*:
Complainant Address Line 1*:
Complainant Address Line 2:
Complainant City/Town*:
Complainant State/Territory*:
Complainant Zip Code*:
Complainant Email Address*:
Complainant Contact Phone Number*:
Complainant Cell Phone Number:

2

Centers for Medicare & Medicaid Services (CMS)
HIPAA ADMINISTRATIVE SIMPLIFICATION (NON-PRIVACY/SECURITY) COMPLAINT FORM
FILED AGAINST ENTITY (FAE) DETAILS
*Mandatory fields to be filled in
FAE Organization Name*:
FAE Organization Type:
FAE Organization Role:
FAE Contact Title*:
FAE Contact First Name*:
FAE Contact MI:
FAE Contact Last Name*:
FAE Address Line 1*:
FAE Address Line 2:
FAE City/Town*:
FAE State/Territory*:

FAE Zip Code*:
FAE Contact Email Address:
FAE Contact Phone Number*:

3

Centers for Medicare & Medicaid Services (CMS)
HIPAA ADMINISTRATIVE SIMPLIFICATION (NON-PRIVACY/SECURITY) COMPLAINT FORM
COMPLAINT DETAILS
UPDATE
*Mandatory
o Non-Compliant
fields to be filled
HIPAA
in Transaction Received - You received a non-compliant HIPAA transaction from
a covered entity.
o Compliant Transaction Sent and Rejected - A covered entity rejected your compliant HIPAA
transaction.
o Invalid Companion Guide - A covered entity that you send data to or receive data from requires use
of a non-compliant companion guide. For example, a companion guide must not specify additional
fields beyond those specified by the adopted standard.
o Code Set Received or Sent and Rejected - Either or both of these examples may apply: (1) A covered
entity sent you a non-compliant HIPAA code within an electronic transaction. (2) A covered entity rejected
a compliant HIPAA code that you sent within an electronic transaction.
o Failure to Conduct a Standard Transaction – A covered entity failed to conduct a standard transaction.
o Other - You have another type of complaint against a covered entity. Please describe below:

4

Centers for Medicare & Medicaid Services (CMS)
HIPAA ADMINISTRATIVE SIMPLIFICATION (NON-PRIVACY/SECURITY) COMPLAINT FORM
COMPLAINT DETAILS
UPDATE
Incident Occurred Date*: Ex. [2/27/2017]
*Mandatory fields to be filled in
Complaint Subject*:
Complaint Description*:
Does the complaint relate to the FAE charging fees to conduct standard transactions?

Complaint Transaction Type:
Attempted to Resolve:
Complainant Action Description:

Complaint Previously Submitted:

Yes/No (circle)

5

Centers for Medicare & Medicaid Services (CMS)
HIPAA ADMINISTRATIVE SIMPLIFICATION (NON-PRIVACY/SECURITY) COMPLAINT FORM
TRANSACTION TYPES
o
o
o
o
o
o
o
o
o
o
o
o
o
o

None
270 - Eligibility, Coverage or Benefit Inquiry
271 - Eligibility, Coverage or Benefit Information
276 - Healthcare Claim Status Request
277 - Healthcare Claim Status Notification
278 - Healthcare Services Review - Request to Review
278 - Healthcare Services Review - Response Request to Review
820 - Payment Order - Remittance Advice
834 - Benefit Enrollment and Maintenance
835 - Healthcare Claim Payment / Advice
837 - Healthcare Claim - Institutional
837 - Healthcare Claim - Dental
837 - Healthcare Claim - Professional
NCPDP Retail Pharmacy Transactions

Please sign and date this complaint.
SIGNATURE:

DATE:

PRINTED NAME:
Filing a complaint with CMS is voluntary. However, without the information requested on the complaint
form, CMS may be unable to proceed with the complaint. CMS collects this information under authority of
68 FR 60694 (October 23, 2003) issued pursuant to the HIPAA. CMS will use the information provided to
determine if CMS has jurisdiction and, if so, how CMS will process the complaint. Information submitted on
the complaint form is treated confidentially and is protected under the provisions of the Privacy Act of 1974.
Names or other identifying information about individuals are disclosed only when it is necessary for
investigation of possible HIPAA A.S. Non-privacy violations, for internal systems operations, or for routine
uses, which include disclosure of information outside the Department for purposes associated with HIPAA
A.S. Non-Privacy compliance and as permitted by law. To submit an electronic complaint, go to
https://asett.cms.gov/
PRA Disclosure Statement
In accordance with the Paperwork Reduction Act (1995), no persons are required to respond to a collection of information unless it
displays a valid Office of Management and Budget (OMB) control number. The valid OMB control number for this information collection is
0938-0948 (Expires xx/xx/xxxx). The time required to complete this information collection is estimated to average 1 hour per response,
including the time to review instructions, search existing data resources, gather the data needed, and complete and review the
information collection. If you have comments concerning the accuracy of the time estimate(s) or suggestions for improving thi s form,
please write to: Centers for Medicare & Medicaid Services, Attn: PRA Reports Clearance Officer, Mail Stop C 4-26-05, 7500 Security
Boulevard, Baltimore, Maryland 21244-1850. Please do not send applications, claims, payments, medical records or any documents
containing sensitive information to the PRA Reports Clearance Office. ***CMS Disclosure*** Any corresponde nce not pertaining to the
information collection burden approved under the associated OMB control number listed on this form will not be reviewed, forw arded, or
retained. If you have questions or concerns regarding where to submit your documents, please co ntact: Cecily Austin at
[email protected] or Kevin Stewart at [email protected].

6