The improved Administrative Simplification Enforcement and Testing Tool (ASETT) is available for use. You can use ASETT to file a complaint with the CMS National Standards Group (NSG) about alleged violations of the HIPAA Administrative Simplification requirements.

Follow the steps in this infographic to file a complaint.

How to File a Complaint
To file your HIPAA transactions, code sets, unique identifiers (employer and provider Identifiers) or operating rules complaint electronically, go to the Administrative Simplification Enforcement Testing Tool (ASETT).
ASETT is fully integrated with CMS’s Identity Management (IDM) system. This tool provides registered ASETT users an additional level of security for filing complaints through Multi-Factor Authentication (MFA) and Remote Identity Proofing and allows attaching supporting documentation. Unregistered users can still file a complaint by clicking on the “Get Started” button on the ASETT home page.
Learn more about ASETT with these resources:

Provides a brief reference on the steps you need to register an account, log in, file a complaint and test a transaction.

Provides step-by-step instructions for users to effectively use all ASETT functions and features.

Have questions? Please review our FAQs and let us know if you have additional questions that we have not answered.
File a Paper Complaint

To file an Administrative Simplification HIPAA-related paper complaint rather than an electronic one, please complete this OMB-approved form 0938-0948 and return it to the Centers for Medicare & Medicaid Services (CMS) with any related supporting documentation.
To file a HIPAA Privacy Rule and Security Rule complaint, please contact the HHS Office for Civil Rights (OCR). OCR manages HIPAA privacy and security complaints and enforcement activities.