HIPPA Violation File a Complaint
Guidance for using the Administrative Simplification Enforcement and Testing Tool to file a complaint about alleged violations of the HIPAA Administrative Simplification requirements.
Issued by: Centers for Medicare & Medicaid Services (CMS)
Issue Date: August 02, 2020
The improved Administrative Simplification Enforcement and Testing Tool (ASETT) is available for use. You can use ASETT to file a complaint with the CMS National Standards Group (NSG) about alleged violations of the HIPAA Administrative Simplification requirements.
Follow the steps in this infographic to file a complaint.
Find out what happens when NSG receives a complaint.
How to File a Complaint
To file your HIPAA transactions, code sets, unique identifiers (employer and provider Identifiers) or operating rules complaint electronically, go to the Administrative Simplification Enforcement Testing Tool (ASETT).
ASETT is fully integrated with CMS’s Identity Management (IDM) system. This tool provides registered ASETT users an additional level of security for filing complaints through Multi-Factor Authentication (MFA) and Remote Identity Proofing and allows attaching supporting documentation. Unregistered users can still file a complaint by clicking on the “Get Started” button on the ASETT home page.
Learn more about ASETT with these resources:
- Explains the benefits of complying with Administrative Simplification standards, including substantial cost savings
- Describes how ASETT—the Administrative Simplification Enforcement and Testing Tool—allows you to test transactions, both your own and your business trading partners’ transactions
- Tells you how to use ASETT to file a complaint if you have any noncompliant business trading partners
Enforcing Administrative Simplification requirements is essential to ensuring the health care community reaps the benefits of standardized transactions and reduced administrative costs. Learn more about how CMS enforces Administrative Simplification requirements in this video.
Provides a brief reference on the steps you need to register an account, log in, file a complaint and test a transaction.
Provides step-by-step instructions for users to effectively use all ASETT functions and features.
Have questions? Please review our FAQs and let us know if you have additional questions that we have not answered.
Provides an overview and step-by-step instructions of how to test transactions in ASETT.
Provides an overview of how to file a complaint for noncompliance with Administrative Simplification requirements.
File a Paper Complaint
To file an Administrative Simplification HIPAA-related paper complaint rather than an electronic one, please complete this OMB-approved form 0938-0948 and return it to the Centers for Medicare & Medicaid Services (CMS) with any related supporting documentation.
To file a HIPAA Privacy Rule and Security Rule complaint, please contact the HHS Office for Civil Rights (OCR). OCR manages HIPAA privacy and security complaints and enforcement activities.
HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the firstname.lastname@example.org.
DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.