Technically in 1996, with the passage of the bill. although amnesty was extended until 2003.
PHI transmitted electronically
Confidentiality, Integrity, and Availability are the fundamental objectives of health information security and the HIPAA Security Rule requires covered entities and business associates to protect against threats and hazards to these objectives.
Which HHS Office is charged with protecting an individual patient's health information privacy and security through the enforcement of HIPAA
b. Confidentiality, integrity and availability
Security and Privacy
Pud Paroo
Office for Civil Rights (OCR)
The HIPAA Security Rule: Established a national set of standards for the protection of PHI that is created, received, maintained, or transmitted in electronic media by a HIPAA CE or BA; protects ePHI; and addresses three types of safeguards - administrative, technical and physical - that must be in place to secure individuals' ePHI.
Most of the technoloigcal requirements of HIPAA are discussed under The Security Rule.
A covered entity must have an established complaint process
I can't find a mention of such a requirement in either the Privacy or Security rule. So I'm going to say No, not as a HIPAA requirement.
HIPAA regulations require that anyone who may come in contact with protected health information must undergo training on HIPAA policies.