HIPAA Information Tracking System (HITS),
System No. 09–70–0544

(as published in the Federal Register, July 6, 2005)

SUMMARY: In accordance with the requirements of the Privacy Act of 1974, the Centers for Medicare and Medicaid Services (CMS) is proposing to establish a new system of records titled, "Health Insurance Portability and Accountability Act (HIPAA) Information Tracking System (HITS), System No. 09-70-0544." The Office of E-Health Standards and Services (OESS) has been delegated the responsibility to regulate and enforce compliance for violations of Transactions and Code Sets (TCS), Security, and Unique Identifier provisions of HIPAA. Enforcement of these provisions is a complaint-driven process, seeking voluntary compliance from all HIPAA covered entities. OESS has procured the services of a contractor to provide a database for complaint intake and management, to manage and maintain the overall electronic complaint process.

The purpose of this system is to store the results of all OESS regional investigations, to determine if there were violations as charged in the original complaint, to investigate complaints that appear to be in violation of the HIPAA TCS, Security, and Unique Identifier provisions, to refer violations to law enforcement activities as necessary, and to maintain and retrieve records of the results of the complaint investigations.

Full Document (PDF)