This practice note discusses the enforcement of the privacy rule, security rule, breach notification rule, and transaction rule under the Health Insurance Portability and Accountability Act (HIPAA) (Pub. L. No. 104-191). These requirements are known collectively as the HIPAA administrative simplification rules. Many employers that sponsor group health plans and are involved in plan administration may be subject to all or most of these rules, and penalties for noncompliance can be severe. This practice note also provides a summary of enforcement activity in recent years and best practices for covered entities and business associates that handle protected health information to avoid HIPAA violations.