The HIPAA Enforcement Rule

The HIPAA Enforcement Rule contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations of the HIPAA Administrative Simplification Rules, and procedures for hearings.  The HIPAA Enforcement Rule is codified at 45 CFR Part 160, Subparts C, D, and E.

Enforcement Rule History

January 25, 2013 - Omnibus HIPAA Rulemaking (78 FR 5566)

October 29, 2009 - HITECH Act Enforcement Interim Final Rule

February 16, 2006 - HIPAA Enforcement Rule – Final Rule (PDF)

September 14, 2005 - Extension of Expiration Date of Interim Final Rule  (PDF)

April 18, 2005 - HIPAA Enforcement Rule – Proposed Rule (PDF)

September 15, 2004 - Extension of Expiration Date of Interim Final Rule (PDF)

April 28, 2003 - Correction of Expiration Date of Interim Final Rule (PDF)

April 17, 2003 - Procedures for Investigations, Imposition of Penalties, and Hearings – Interim Final Rule (PDF)

Content created by Office for Civil Rights (OCR)
Content last reviewed