Department of Health & Human Services (HHS) Delegates Authority for the Health Insurance Portability & Accountability Act of 1996 (HIPAA) Security Rule to Office for Civil Rights

On August 3, 2009, OCR announced that the Secretary of Health and Human Services has delegated to the Director of OCR the authority to administer and enforce the HIPAA Security Rule. This action by Secretary Sebelius will improve HHS' ability to protect individuals' health information by combining the authority for administration and enforcement of the Federal standards for health information privacy and security called for in the HIPAA.

 

The transition of authority for the administration and enforcement of the Security Rule is expected to be seamless with no interruption in the management or processing of any complaints filed prior to the transition. Consumers may continue to submit HIPAA security complaints using the on-line resource - the Administrative Simplification Enforcement Tool (ASET), found at https:htct.hhs.gov/aset.  New security complaints may also be sent to the Office for Civil Rights.  For more information and detailed instructions on how to submit a complaint to OCR, visit the OCR website:  http://www.hhs.gov/ocr/privacy/hipaa/complaints/.  The transition of security complaints from CMS to OCR has no impact on how complaints about Transactions and Codes Sets or Unique Identifiers are filed or processed.  CMS retains its enforcement authority for these other HIPAA rules. 

 

View the Federal Register notice of the Delegation of Authority at http://www.hhs.gov/ocr/privacy/srdelegationofauthority2009.pdf and the Secretary's press release at http://www.hhs.gov/news/press/2009pres/08/20090803a.html .

 

 

-----------------------------------------------------------------------------------------------------------------

Note:  If you have problems accessing any hyperlink in this message, please copy and paste the URL into your Internet browser. 

If you received this message as part of the All FFS Providers listserv, you are currently subscribed to one of eighteen Medicare Fee-For-Service provider listservs.  If you would like to be removed from all NIH listservs, please go to (https://list.nih.gov/LISTSERV_WEB/signoff.htm) to unsubscribe.  If you would like to unsubscribe from a specific provider listserv, please go to (https://list.nih.gov/cgi-bin/show_list_archives) to unsubscribe or to leave the appropriate listserv. Please DO NOT respond to this email. This email is a service of CMS and routed through an electronic mail server to communicate Medicare policy and operational changes and/or updates. Responses to this email are not routed to CMS personnel. Inquiries may be sent by going to (http://www.cms.hhs.gov/ContactCMS). Thank you.