NCPDP Standards Compliance Process

NCPDP members have established a process that identifies the steps that should be followed when there is a suspected misapplication of an NCPDP standard(s). Misapplication of a standard might be the incorrect use of a field, format, value, or a stated standard use.

NCPDP Standards are protected by copyright laws; see the second page of each document.

Steps for Standard Compliance
One step in the process is the submission of a 'Request to Review' form to the Standardization Liaison, Margaret Weiker at, after other pertinent steps have been completed.

For the 'Request to Review' form, click here.

The Standards Compliance Process is not for requesting modifications to the NCPDP Standards or documents. Requests for such modifications should be submitted as DERFs or New Project Requests.

CMS Administrative Simplification Enforcement Tool

For filing HIPAA Transactions and Code Set (only) complaints to CMS, please go to

HIPAA Audits

The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, requires HHS to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. See .

HIPAA Enforcement Regulations

On February 16 2006, the Final Rule on HIPAA Enforcement was published in the Federal Register. The Final Rule adopts the complete regulatory structure for implementing the civil money penalty authority of the Administrative Simplification part of HIPAA (SSA, section 1176), completing the structure begun when the Privacy Rule was issued in 2000 and expanded by the interim final procedural enforcement rules issued in 2003. The Final Rule covers the enforcement process from its beginning, which will usually be a complaint or a compliance review, through its conclusion. A complaint or compliance review may result in informal resolution, a finding of no violation, or a finding of violation. If a finding of violation is made, a civil money penalty will be sought for the violation, which can be challenged by the covered entity through a formal hearing and appellate review process. These rules apply to covered entities that violate any of the rules implementing the Administrative Simplification provisions of HIPAA.

For problems with the site please contact us at