HIPAA (the Health Insurance Portability and Accountability Act) increases customer data privacy requirements for healthcare companies. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records. The Centers for Medicare & Medicaid Services (CMS) will be responsible for enforcing the transaction and code set standards that are part of the administrative simplification provisions of HIPAA. The agency director must report to Congress no later than March 1 of each year on agency compliance.”]
Source: https://www.csoonline.com/article/2117900/compliance-calendar–comply-because-you-have-to.html