HIPAA Enforcement Rule Landing Page
This is all about the HIPAA Enforcement Rule.
Issued by: Office for Civil Rights (OCR)
The HIPAA Enforcement Rule
The HIPAA Enforcement Rule contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations of the HIPAA Administrative Simplification Rules, and procedures for hearings. The HIPAA Enforcement Rule is codified at 45 CFR Part 160, Subparts C, D, and E.
Enforcement Rule History
October 29, 2009 - HITECH Act Enforcement Interim Final Rule
September 14, 2005 - Extension of Expiration Date of Interim Final Rule (PDF)
April 18, 2005 - HIPAA Enforcement Rule – Proposed Rule (PDF)
September 15, 2004 - Extension of Expiration Date of Interim Final Rule (PDF)
April 28, 2003 - Correction of Expiration Date of Interim Final Rule (PDF)
April 17, 2003 - Procedures for Investigations, Imposition of Penalties, and Hearings – Interim Final Rule (PDF)
Omnibus HIPAA Rulemaking
- HHS announces a final rule that implements a number of provisions of the HITECH Act to strengthen the privacy and security protections for health information established under HIPAA.
HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the firstname.lastname@example.org.
DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.