HIPAA Compliance Guide

HIPAA Overview & Regulations

HIPAA Compliance Guide
What is HIPAA? What is a HIPAA BAA?
Regulations
General Administrative Requirements
Subpart A
General Provisions
Subpart B
Preemption Of State Law
Subpart C
Compliance and Investigations
Subpart D
Imposition of Civil Money Penalties
Subpart E
Procedures for Hearings
Administrative Requirements
Subpart A
General Provisions
Subpart D
Standard Unique Health Identifier For Health Care Providers
Subpart E
Standard Unique Health Identifier For Health Plans
Subpart F
Standard Unique Employer Identifier
Subpart I
General Provisions For Transactions
Subpart J
Code Sets
Subpart K
Health Care Claims Or Equivalent Encounter Information
Subpart L
Eligibility For A Health Plan
Subpart M
Referral Certification And Authorization
Subpart N
Health Care Claim Status
Subpart O
Enrollment And Disenrollment In A Health Plan
Subpart P
Health Care Electronic Funds Transfers (EFT) And Remittance Advice
Subpart Q
Health Plan Premium Payments
Subpart R
Coordination Of Benefits
Subpart S
Medicaid Pharmacy Subrogation
Security and Privacy
Subpart A
General Provisions
Subpart C
Security Standards For The Protection Of Electronic Protected Health Information
Subpart D
Notification In The Case Of Breach Of Unsecured Protected Health Information
Subpart E
Privacy Of Individually Identifiable Health Information

General Administrative Requirements   >   Imposition of Civil Money Penalties

§ 160.420 Notice of proposed determination

(a) If a penalty is proposed in accordance with this part, the Secretary must deliver, or send by certified mail with return receipt requested, to the respondent, written notice of the Secretary’s intent to impose a penalty. This notice of proposed determination must include–

(1) Reference to the statutory basis for the penalty;

(2) A description of the findings of fact regarding the violations with respect to which the penalty is proposed (except that, in any case where the Secretary is relying upon a statistical sampling study in accordance with § 160.536 of this part, the notice must provide a copy of the study relied upon by the Secretary);

(3) The reason(s) why the violation(s) subject(s) the respondent to a penalty;

(4) The amount of the proposed penalty and a reference to the subparagraph of § 160.404 upon which it is based.

(5) Any circumstances described in § 160.408 that were considered in determining the amount of the proposed penalty; and

(6) Instructions for responding to the notice, including a statement of the respondent’s right to a hearing, a statement that failure to request a hearing within 90 days permits the imposition of the proposed penalty without the right to a hearing under § 160.504 or a right of appeal under § 160.548 of this part, and the address to which the hearing request must be sent.

(b) The respondent may request a hearing before an ALJ on the proposed penalty by filing a request in accordance with § 160.504 of this part.

[71 FR 8426, Feb. 16, 2006, as amended at 74 FR 56131, Oct. 30, 2009]

HIPAA Regulations

§ 160.418: Penalty not exclusive

HIPAA Regulations

§ 160.422: Failure to request a hearing