CMS-10662 Notice_of_Corrective_Action_508

Administrative Simplification HIPAA Compliance Review (CMS-10662)

ASETT_Notice_of_Corrective_Action_

OMB: 0938-1390

Document [pdf]
Download: pdf | pdf
Form Approved: OMB # TBD
Expiration XX/XX/XXXX

DEPARTMENT OF HEALTH & HUMAN SERVICES
Centers for Medicare & Medicaid Services
7500 Security Boulevard, Mail Stop N1-19-21
Baltimore, Maryland 21244-1850
Notice of Corrective Action
Date of Notice: FULLDATE
CONTACTNAME
JOBTITLE
CENAME
ADDRESS1
ADDRESS2
CITY, ST ZIP
Re: Compliance Review Number XXXXX
Dear TITLE LASTNAME,
On (month, day, year), the Department of Health and Human Services (HHS), Division of
National Standards (DNS) within the Centers for Medicare & Medicaid Services’ (CMS) sent
 a Notice of Draft Findings that included an opportunity to provide a
response to each violation cited in the  2018 assessment.
As a follow up to that notice, DNS has opened a corrective action record so that  can address the violations that warrant corrective action. Refer to the enclosed
Interim Violations Summary Report for additional information, including a DNS reply for each
citation.
 is expected to resolve the violations that warrant corrective action
by developing and executing a Corrective Action Plan (CAP). The CAP must include major
milestones, planned start and completion dates, as well as the party responsible for each
milestone.  must provide the CAP within 30 days from the date of this
notice, (month, day, year). As a courtesy, the enclosed CAP template may be used.
You may use the link below to submit your CAP via our secure ASETT portal.
Link: 
Security Token: 
DNS will review the provided CAP and notify  of its approval.
Additionally, as part of the corrective action process, DNS will follow up at the planned
completion date(s) of each milestone to verify its completion.
Disclosure Statement: According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information
unless it displays a valid OMB control number. The valid OMB control number for this information collection is XXXX-XXXX. The time
required to complete this information collection is estimated to average 5 hours per response, including the time to review instructions, search
existing data resources, gather the data needed, and complete and review the information collection. If you have comments, concerning the
accuracy of the time estimate(s) or suggestions for improving this form, please write to: CMS, 7500 Security Boulevard, Attn: PRA Reports
Clearance Officer, Baltimore, Maryland 21244-1850.

Prior to closing the corrective action record, DNS must verify that  has
fully executed the corrective action plan.  will be asked to submit
verification, such as screenshots from its change request system, test system, ticket system, or
other applicable system(s) that demonstrates the CAP was executed.
If you have any questions regarding this notice, please send an email to
[email protected]. Please include the compliance review number located at the
top of this notice.
Sincerely,
Madhu Annadata, Director
Division of National Standards
Office of Information Technology
Enclosures - Interim Violations Summary Report, CAP Example and Template

Interim – Violations Summary Report

File Name(s):
Validation Tool Report File Name(s):
Individual File Name(s):
Violation #1 –
Warrant Corrective Action: Choose an item.
Validation Error ID:

Category:

Violation Description:
Reference(s):
Covered Entity Response

DNS Reply to Covered Entity (DNS Only)

File Name(s):
Validation Tool Report File Name(s):
Individual File Name(s):
Violation #2 –
Warrant Corrective Action: Choose an item.
Validation Error ID:

Category:

Violation Description:
Reference(s):
Covered Entity Response

DNS Reply to Covered Entity (DNS Only)

File Name(s):
Validation Tool Report File Name(s):
Individual File Name(s):
Violation #3 –
Warrant Corrective Action: Choose an item.
Validation Error ID:

Category:

Violation Description:
Reference(s):
Covered Entity Response

DNS Reply to Covered Entity (DNS Only)

Corrective Action Plan Example and Template
Table 1 – Complete all blank fields in this table.
Assessed Entity Name:

Submitted by Name:

Phone Number:

Compliance Review Number:

Submission Date:

Email Address:

Tables 2 and 3 – Example of a completed corrective action plan. A blank corrective action template is provided in Tables 4 & 5 below.
Violation
Number

Transaction
Type

Violation Error ID and Description from
Enclosure

1

837P

0x39393D2 ZIP Code is invalid in 2010BA, N403.
It should be formatted as 5 or 9 digits for US Zip
Code. This zip code was 4 digits.

Data Entry Error

Edit needs to be
added to software
program.

2

271

0x3938BCE Minimum data requirements for
response are not satisfied. Response did not
include EB03 value of “30.”

Mapping issue

Maps need to be
updated to provide
EB03 value of
“30.”

Violation
Number(s)
1, 2

Major Milestones
Code updates.
Test changes.
Code revisions as a result of testing.
Retest.
Promote to production environment.
Monitor production environment for impact.

Root Cause of Violation (Optional)

Planned Start
Date
01/02/18
01/11/18
01/17/18
01/22/18
01/24/18
01/24/18

Planned Completion
Date
01/10/18
01/16/18
01/19/18
01/23/18
01/24/18
01/31/18

Notes/Comments

Responsible Party
or Position
Developers
Test Team
Developers
Test Team
Database Team
Business Analyst

Corrective Action Plan Template
Table 4 & 5 – Complete all blank fields in the tables below. Additional rows may be inserted as needed.
Violation
Number

Transaction
Type

Violation Error ID and Description from
Enclosure

Violation
Number(s)

Major Milestones

Root Cause of Violation (Optional)

Planned Start
Date

Planned Completion
Date

Table 6 – For DNS official use only.
*For DNS Official Use Only*
Assessor 1 Signature: _________________________________
Assessor 1
Approval Date: _______________________________
Month Day Year

Notes/Comments

Responsible Party
or Position


File Typeapplication/pdf
File TitleCMS Compliance Review Notice of Corrective Action
File Modified2023-11-01
File Created2018-12-21

© 2024 OMB.report | Privacy Policy