A Practice Note addressing procedures used by the Department of Health & Human Services (HHS) to enforce the privacy, security, and breach notification requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended. This resource describes HHS compliance reviews, complaint investigations, and civil money penalties (CMPs) for noncompliance, among other issues.