Security Rule Enforcement
The Security Rule is a set of federal security standards to protect the confidentiality, integrity, and availability of electronic protected health information. The Secretary of HHS delegated authority for administration and enforcement of the Security Rule to OCR on July 27, 2009. Before that date, the Centers for Medicare and Medicaid Services (CMS) was responsible for enforcing the Security Rule, including investigating complaints and conducting compliance reviews.
In 2008 and 2009, CMS conducted reviews of ten selected covered entities to assess their compliance with the standards set out in the Security Rule.