CY 2025 Complaint Enforcement/Compliance Review Analysis Report: NOW AVAILABLE
The Centers for Medicare & Medicaid Services (CMS) National Standards Group (NSG), acting on behalf of the U.S. Department of Health and Human Services (HHS), administers the Enforcement and Compliance Review Program to promote adherence to the Health Insurance Portability Accountability Act (HIPAA) standards for electronic health care transactions. These standards are intended to reduce administrative burden, improve operational efficiency, and support nationwide interoperability.
HIPAA Administrative Simplification provisions require covered entities to use standardized electronic transactions. The purpose of these provisions is to:
Ensure HIPAA standard electronic transactions are used regularly and correctly.
Stop the use of workarounds or paper processes when electronic transactions are required.
Reduce extra costs and paperwork burdens placed on providers.
CMS is charged on behalf of HHS with enforcing compliance with HIPAA-adopted Administrative Simplification requirements. Such activities include:
Educating health care providers, health plans, clearinghouses, and other affected groups, such as software vendors.
Adjudicating complaints of alleged non-compliance.
The CMS National Standards Group, on behalf of HHS, also administers the Compliance Review Program to ensure compliance of covered entities with HIPAA Administrative Simplification requirements for electronic health care transactions.
Covered entities are randomly selected for participation in the Compliance Review Program. During CY 2025, over 70 compliance reviews were conducted. For CY 2026, we plan to further expand these efforts, to strengthen oversight and ensure continued adherence to Administrative Simplification requirements.
