Assessment_Draft_Findings_Report
ASETT_Notice_of_Draft_Findings_2024_FINAL.docx
Administrative Simplification HIPAA Compliance Review (CMS-10662)
Assessment_Draft_Findings_Report
OMB: 0938-1390
Form Approved: OMB # 0938-1390
Expiration 12/31/2025
DEPARTMENT
OF HEALTH & HUMAN SERVICES
Centers for Medicare & Medicaid Services
7500 Security Boulevard, Mail Stop N1-19-21
Baltimore, Maryland 21244-1850
Notice
of Draft Findings
Date of Notice: FULLDATE
CONTACTNAME
JOBTITLE
CENAME
ADDRESS1
ADDRESS2
CITY, ST ZIP
Re: Compliance Review Number XXXXX
Dear FIRSTNAME LASTNAME:
On (month, day, year), the Department of Health and Human Services (HHS), National Standards Group (NSG) within the Centers for Medicare & Medicaid Services (CMS) completed the <Covered Entity Name> 20XX assessment.
The assessment included a review of transactions, code sets, unique identifiers, and operating rules. It was comprised of employing a validation tool to determine whether HIPAA transactions were compliant with the applicable 5010 ASC X12 standards and implementation guides. In addition, it included a manual review of companion guides and operating rule attestations, if applicable.
The assessment findings for <Covered Entity Name> reveals noncompliance in the following areas: transactions, code sets, unique identifiers, and operating rules. Refer to the enclosed Draft Violations Summary Report and corresponding validation tool report(s) that have been uploaded to the ASETT Covered Entity Portal. For assessment purposes, all unique error IDs and business messages with a “Normal” severity were reviewed. Please note, if envelope violations were present in the initial test of a transaction file (ISA/IEA – GS/GE), an alternative profile was used to bypass the envelope violations. This may have resulted in two corresponding validation tool report(s) for the same file when both contain “Normal” severity violations.
<Covered Entity Name> has the option of providing a response to each violation cited in the enclosed Draft Violations Summary Report. If <Covered Entity Name> disagrees with any violation, the basis for disagreement and all applicable references to support your position must be provided in writing. Your response must be received by this office no later than (month, day, year), (10 business days). All responses will be taken into consideration and a NSG reply will be furnished in a subsequent Violations Summary Report. In addition, all activity and/or violation status changes will be reflected in a subsequent Violations Summary Report and uploaded to the ASETT Covered Entity Portal.
As a courtesy, we have provided a “Covered Entity Response” section in the enclosed Draft Violations Summary Report. If you choose to respond using the “Covered Entity Response” section, please append “Response” to the file name of this notice and upload it to the ASETT Covered Entity Portal by the response due date. Please refer to the CMS Identity Management (IDM) System and Compliance Review Covered Entity Portal Access Quick Start User Guide to review instructions for accessing the ASETT Covered Entity Portal.
Once received, NSG will review your response and provide a reply in a subsequent notice. You can expect the subsequent notice no later than (month, day, year).
If you have any questions regarding this notice, please send an email to [email protected]. Please include the compliance review number located at the top of this notice.
Sincerely,
Michael Cimmino
Director, National Standards Group
Office of Healthcare Experience and Interoperability
Centers for Medicare & Medicaid Services
Enclosure – Draft Violations Summary Report
VIOLATION # 1 |
Covered Entity File Name: |
Validation Tool Reports |
Consolidated Output File Name: |
Individual Output File Name(s): |
Violation Information |
Violation Error ID: |
Category: |
Violation Description: |
Reference(s): |
Warrant Corrective Action: |
Covered Entity Response |
|
NSG Reply to Covered Entity (NSG Only) |
|
VIOLATION # 2 |
Covered Entity File Name: |
Validation Tool Reports |
Consolidated Output File Name: |
Individual Output File Name(s): |
Violation Information |
Violation Error ID: |
Category: |
Violation Description: |
Reference(s): |
Warrant Corrective Action: |
Covered Entity Response |
|
NSG Reply to Covered Entity (NSG Only) |
|
VIOLATION # 3 |
Covered Entity File Name: |
Validation Tool Reports |
Consolidated Output File Name: |
Individual Output File Name(s): |
Violation Information |
Violation Error ID: |
Category: |
Violation Description: |
Reference(s): |
Warrant Corrective Action: |
Covered Entity Response |
|
NSG Reply to Covered Entity (NSG Only) |
|
According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number. The valid OMB control number for this information collection is 0938-1390 from the year of 2024 through 2025. The objective of the HIPAA Administrative Simplification information collection program is to conduct assessments and identify whether a covered entity is compliant with the HIPAA - adopted standards, and administrative simplification. The time required to complete this information collection is estimated to average less than 10 hours per response (4 forms x 60 minutes/form), including the time to review instructions, search existing data resources, gather the data needed, to review and complete the information collection. This information collection is mandatory (under 45 CFR § 160.310) If you have comments concerning the accuracy of the time estimate(s) or suggestions for improving this form, please write to: CMS, 7500 Security Boulevard, Attn: PRA Reports Clearance Officer, Mail Stop C4-26-05, Baltimore, Maryland 21244-1850.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Modified | 0000-00-00 |
| File Created | 2025-06-19 |
© 2025 OMB.report | Privacy Policy