• Text Resize A A A
  • Print Print
  • Share Share on facebook Share on twitter Share

The HIPAA Enforcement Rule

The HIPAA Enforcement Rule contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations of the HIPAA Administrative Simplification Rules, and procedures for hearings.  The HIPAA Enforcement Rule is codified at 45 CFR Part 160, Subparts C, D, and E.

Enforcement Rule History

October 29, 2009 - HITECH Act Enforcement Interim Final Rule

February 16, 2006 - HIPAA Enforcement Rule – Final Rule (PDF)

September 14, 2005 - Extension of Expiration Date of Interim Final Rule  (PDF)

April 18, 2005 - HIPAA Enforcement Rule – Proposed Rule (PDF)

September 15, 2004 - Extension of Expiration Date of Interim Final Rule (PDF)

April 28, 2003 - Correction of Expiration Date of Interim Final Rule (PDF)

April 17, 2003 - Procedures for Investigations, Imposition of Penalties, and Hearings – Interim Final Rule (PDF)

Omnibus HIPAA Rulemaking

  • HHS announces a final rule that implements a number of provisions of the HITECH Act to strengthen the privacy and security protections for health information established under HIPAA.


Content created by Office for Civil Rights (OCR)
Content last reviewed on July 26, 2013
Back to Top