Form Approved: OMB # TBD
Expiration XX/XX/XXXX
DEPARTMENT OF HEALTH & HUMAN SERVICES
Centers for Medicare & Medicaid Services
7500 Security Boulevard, Mail Stop N1-19-21
Baltimore, Maryland 21244-1850
Notice of Corrective Action
Date of Notice: FULLDATE
CONTACTNAME
JOBTITLE
CENAME
ADDRESS1
ADDRESS2
CITY, ST ZIP
Re: Compliance Review Number XXXXX
Dear TITLE LASTNAME,
On (month, day, year), the Department of Health and Human Services (HHS), Division of
National Standards (DNS) within the Centers for Medicare & Medicaid Services’ (CMS) sent
a Notice of Draft Findings that included an opportunity to provide a
response to each violation cited in the 2018 assessment.
As a follow up to that notice, DNS has opened a corrective action record so that can address the violations that warrant corrective action. Refer to the enclosed
Interim Violations Summary Report for additional information, including a DNS reply for each
citation.
is expected to resolve the violations that warrant corrective action
by developing and executing a Corrective Action Plan (CAP). The CAP must include major
milestones, planned start and completion dates, as well as the party responsible for each
milestone. must provide the CAP within 30 days from the date of this
notice, (month, day, year). As a courtesy, the enclosed CAP template may be used.
You may use the link below to submit your CAP via our secure ASETT portal.
Link:
Security Token:
DNS will review the provided CAP and notify of its approval.
Additionally, as part of the corrective action process, DNS will follow up at the planned
completion date(s) of each milestone to verify its completion.
Disclosure Statement: According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information
unless it displays a valid OMB control number. The valid OMB control number for this information collection is XXXX-XXXX. The time
required to complete this information collection is estimated to average 5 hours per response, including the time to review instructions, search
existing data resources, gather the data needed, and complete and review the information collection. If you have comments, concerning the
accuracy of the time estimate(s) or suggestions for improving this form, please write to: CMS, 7500 Security Boulevard, Attn: PRA Reports
Clearance Officer, Baltimore, Maryland 21244-1850.
Prior to closing the corrective action record, DNS must verify that has
fully executed the corrective action plan. will be asked to submit
verification, such as screenshots from its change request system, test system, ticket system, or
other applicable system(s) that demonstrates the CAP was executed.
If you have any questions regarding this notice, please send an email to
[email protected]. Please include the compliance review number located at the
top of this notice.
Sincerely,
Madhu Annadata, Director
Division of National Standards
Office of Information Technology
Enclosures - Interim Violations Summary Report, CAP Example and Template
Interim – Violations Summary Report
File Name(s):
Validation Tool Report File Name(s):
Individual File Name(s):
Violation #1 –
Warrant Corrective Action: Choose an item.
Validation Error ID:
Category:
Violation Description:
Reference(s):
Covered Entity Response
DNS Reply to Covered Entity (DNS Only)
File Name(s):
Validation Tool Report File Name(s):
Individual File Name(s):
Violation #2 –
Warrant Corrective Action: Choose an item.
Validation Error ID:
Category:
Violation Description:
Reference(s):
Covered Entity Response
DNS Reply to Covered Entity (DNS Only)
File Name(s):
Validation Tool Report File Name(s):
Individual File Name(s):
Violation #3 –
Warrant Corrective Action: Choose an item.
Validation Error ID:
Category:
Violation Description:
Reference(s):
Covered Entity Response
DNS Reply to Covered Entity (DNS Only)
Corrective Action Plan Example and Template
Table 1 – Complete all blank fields in this table.
Assessed Entity Name:
Submitted by Name:
Phone Number:
Compliance Review Number:
Submission Date:
Email Address:
Tables 2 and 3 – Example of a completed corrective action plan. A blank corrective action template is provided in Tables 4 & 5 below.
Violation
Number
Transaction
Type
Violation Error ID and Description from
Enclosure
1
837P
0x39393D2 ZIP Code is invalid in 2010BA, N403.
It should be formatted as 5 or 9 digits for US Zip
Code. This zip code was 4 digits.
Data Entry Error
Edit needs to be
added to software
program.
2
271
0x3938BCE Minimum data requirements for
response are not satisfied. Response did not
include EB03 value of “30.”
Mapping issue
Maps need to be
updated to provide
EB03 value of
“30.”
Violation
Number(s)
1, 2
Major Milestones
Code updates.
Test changes.
Code revisions as a result of testing.
Retest.
Promote to production environment.
Monitor production environment for impact.
Root Cause of Violation (Optional)
Planned Start
Date
01/02/18
01/11/18
01/17/18
01/22/18
01/24/18
01/24/18
Planned Completion
Date
01/10/18
01/16/18
01/19/18
01/23/18
01/24/18
01/31/18
Notes/Comments
Responsible Party
or Position
Developers
Test Team
Developers
Test Team
Database Team
Business Analyst
Corrective Action Plan Template
Table 4 & 5 – Complete all blank fields in the tables below. Additional rows may be inserted as needed.
Violation
Number
Transaction
Type
Violation Error ID and Description from
Enclosure
Violation
Number(s)
Major Milestones
Root Cause of Violation (Optional)
Planned Start
Date
Planned Completion
Date
Table 6 – For DNS official use only.
*For DNS Official Use Only*
Assessor 1 Signature: _________________________________
Assessor 1
Approval Date: _______________________________
Month Day Year
Notes/Comments
Responsible Party
or Position