1. Does the Secretary of HHS have the authority to monitor our compliance with the regulations?
2. What are a health care provider's obligations with respect to a compliance review or investigation by the Secretary?
3. What information is HHS entitled to during a compliance review or investigation?
4. Is it necessary to obtain a patient's consent prior to releasing protected health information to HHS during an investigation or compliance review?
5. What if some of the information that the Secretary wishes to see during a compliance review is in the possession of another agency or person?
6. Must health care providers grant access to HHS at any time day or night?
7. Will health care providers receive notice before HHS undertakes a compliance review or investigation?
8. After a compliance review, will health care providers be notified if they are found to be in compliance?
9. Are individual practices, group practices, clinics and hospitals liable for the violations by their staff and employees?
10. What options does HHS have if health care providers are found in noncompliance?
11. What are the penalties for not complying?
12. Will violations of the HIPAA regulations be used as a basis for violation findings under other HHS authorities; for instance, if health care providers violate HIPAA will be found in violation of the Medicare Conditions of Participation?
13. Can health care providers prohibit staff and employees from assisting the Secretary of HHS in an investigation or compliance review?