Compliance

NCPDP Standards Compliance Process

NCPDP members have established a process that identifies the steps that should be followed when there is a suspected misapplication of an NCPDP standard(s). Misapplication of a standard might be the incorrect use of a field, format, value, or a stated standard use.

One step in the process is the submission of a 'Request to Review' form to the Standardization Liaison, Margaret Weiker at mweiker@ncpdp.org, after other pertinent steps have been completed.

NCPDP Standards are protected by copyright laws; see the second page of each document.

The Standards Compliance Process is not for requesting modifications to the NCPDP Standards or documents. Requests for such modifications should be submitted as DERFs or New Project Requests.

CMS Administrative Simplification Enforcement Tool

For filing HIPAA Transactions and Code Set (only) complaints to CMS, please go to https://asett.cms.gov/ASETT_HomePage.

HIPAA Audits

The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, requires HHS to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. See http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html.