File a Complaint

File a Complaint
A woman on a laptop chatting with a gavel next to her.

The improved Administrative Simplification Enforcement and Testing Tool (ASETT) is available for use. You can use ASETT to file a complaint with the CMS National Standards Group (NSG) about alleged violations of the HIPAA Administrative Simplification requirements.

document icon
How to File a Complaint Infographic (PDF)
Follow the steps in this infographic to file a complaint.
document icon
Complaint Process Infographic (PDF)
Find out what happens when NSG receives a complaint.

How to File a Complaint

To file your HIPAA transactions, code sets, unique identifiers (employer and provider Identifiers) or operating rules complaint electronically, go to the Administrative Simplification Enforcement Testing Tool (ASETT).  

ASETT is fully integrated with CMS’s Identity Management (IDM) system. This tool provides registered ASETT users an additional level of security for filing complaints through Multi-Factor Authentication (MFA) and Remote Identity Proofing and allows attaching supporting documentation. Unregistered users can still file a complaint by clicking on the “Get Started” button on the ASETT home page.

Learn more about ASETT with these resources:

A man carrying a gear with chatboxes around him

ASETT Demonstration Video (Video)

This demonstration video walks users through how to register for ASETT, how to use it to file complaints against HIPAA covered entities for noncompliance with Administrative Simplification standards for electronic health care transactions, and how to test their electronic health care transactions, as well as their trading partners' transactions for potential noncompliance.

A man reaching for a document on a wall in a collection of documents

Reaching Compliance with ASETT (Video)

To help the health care community use electronic standards for administrative transactions, CMS has released the Reaching Compliance with ASETT video.

  • Explains the benefits of complying with Administrative Simplification standards, including substantial cost savings
  • Describes how ASETT—the Administrative Simplification Enforcement and Testing Tool—allows you to test transactions, both your own and your business trading partners’ transactions
  • Tells you how to use ASETT to file a complaint if you have any noncompliant business trading partners
A man piecing together a puzzle of a sheild sitting on a checkmark next to a gavel

Enforcing HIPAA Administrative Simplification Requirements (Video)

Enforcing Administrative Simplification requirements is essential to ensuring the health care community reaps the benefits of standardized transactions and reduced administrative costs. Learn more about how CMS enforces Administrative Simplification requirements in this video.

document icon
Quick Start Guide (PDF)
Provides a brief reference on the steps you need to register an account, log in, file a complaint and test a transaction.
document icon
User Manual (PDF)
Provides step-by-step instructions for users to effectively use all ASETT functions and features.
document icon
Frequently Asked Questions (PDF)
Have questions? Please review our FAQs and let us know if you have additional questions that we have not answered.
document icon
How to Test Electronic Health Care Transactions for HIPAA Compliance (PDF)
Provides an overview and step-by-step instructions of how to test transactions in ASETT.
document icon
Filing a Complaint with the Administrative Simplification Enforcement & Testing Tool (PDF)
Provides an overview of how to file a complaint for noncompliance with Administrative Simplification requirements.

File a Paper Complaint

document icon
HIPAA Administrative Simplification (Non-privacy/Security) Complaint Form (PDF)
To file an Administrative Simplification HIPAA-related paper complaint rather than an electronic one, please complete this OMB-approved form 0938-0948 and return it to the Centers for Medicare & Medicaid Services (CMS) with any related supporting documentation.

To file a HIPAA Privacy Rule and Security Rule complaint, please contact the HHS Office for Civil Rights (OCR). OCR manages HIPAA privacy and security complaints and enforcement activities.

Page Last Modified:
12/18/2024 10:52 PM