With the deadline for the HIPAA privacy regulation past, the penalties for non-compliance with the rule are bound to follow. Despite the feds' claims that they'll work with providers on Health Insurance Portability and Accountability Act privacy and security rule compliance, the groundwork is being laid for imposing fines on wayward organizations. The process will be all too familiar if you've ever had a run-in with the HHS Office of Inspector General. In an interim final rule published in the April 17 Federal Register, the Department of Health and Human Services lays out its plans for HIPAA enforcement, and says its procedural model will be OIG rules on imposing civil monetary penalties. That means the cogs of HIPAA enforcement will be similar - in some cases virtually identical - to the OIG's CMP procedures: investigative subpoenas, administrative law judge hearings, prehearing document reviews, etc. HIPAA enforcement will be assigned to two HHS agencies: the HHS Office for Civil Rights and the Centers for Medicare & Medicaid Services. HHS "intends to seek and promote voluntary compliance," it stresses. Nevertheless, enforcement actions are inevitable and the agency says it wanted to get its enforcement cards on the table early on. Comments on HHS' enforcement plan are due June 16.