HIPAA Government Resources

HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The HIPAA Privacy rule provides federal protections for individually identifiable health information and gives patients an array of rights with respect to that information. The goals of the statute include making it easier for people to keep health insurance, protect the confidentiality and security of healthcare information, and help the healthcare industry control administrative costs.

Compiled below are links to federal government resources about the HIPAA rules.

Notice of Privacy Practices

Notice of Privacy Practices for Protected Health Information

https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html

Model Notices of Privacy Practices (English and Spanish)

https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/model-notices-privacy-practices/index.html

Permitted Uses and Disclosures

Permitted Uses and Disclosures: Exchange for Health Care Operation (PDF)

Permitted Uses and Disclosures: Exchange for Treatment (PDF)

Patients' Families, Friends, and Personal Representatives

Communicating with a Patient’s Family, Friends, or Others Involved in the Patient’s Care
https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html 

Personal Representatives
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/personalreps.html

De-Identifying Patient Information

Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule 
https://www.hhs.gov/guidance/document/de-identification-guidance

Law Enforcement

Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule: A Guide for Law Enforcement (PDF)

Emergency Preparedness

Emergency Preparedness Planning and Response
https://www.hhs.gov/guidance/document/de-identification-guidance

Disclosures for Emergency Preparedness - A Decision Tool
https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/decision-tool/index.html

Treatment, Payment, and Health Care Operations

Uses and Disclosures for Treatment, Payment and Health Care Operations
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/incidental-uses-and-disclosures/index.html

Marketing Communications

Marketing
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/marketing/index.html

The HIPAA Privacy Rule and Refill Reminders and Other Communications about a Drug or Biologic Currently Being Prescribed for the Individual
https://www.hhs.gov/hipaa/for-professionals/faq/marketing-refill-reminders/index.html

Deceased Patients 

Health Information of Deceased Individuals
https://www.hhs.gov/hipaa/for-professionals/faq/decedents/index.html

Mental Health

HIPAA Privacy Rule and Sharing Information Related to Mental Health
https://www.hhs.gov/hipaa/for-professionals/faq/mental-health/index.html

HIPAA Audits

HIPAA Privacy, Security, and Breach Notification Audit Program
https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/index.html

Workers' Compensation

Disclosures for Workers Compensation Purposes
https://www.hhs.gov/hipaa/for-professionals/faq/workers-compensation-disclosures/index.html

Government Access

Restrictions on Government Access to Health Information
https://www.hhs.gov/hipaa/for-professionals/faq/covered-entities/index.html

General Information about Privacy Rule Topics

Medical Privacy of Protected Health Information (PDF)

This publication has links to government resources on:

  • Consent forms
  • Incidental disclosures
  • Email, telephone, and fax
  • Communications between health care professionals and patients’ families and friends
  • Child abuse reporting
Breach Notification Rule

Breach Notification Rule
https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html

Security Rule

HIPAA Security Series:

  1. Security 101 for Covered Entities
    http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/security101.pdf
  2. Security Standards: Administrative Safeguards
    http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf
  3. Security Standards: Physical Safeguards
    http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf 
  4. Security Standards: Technical Safeguards
    http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf 
  5. Security Standards: Organizational, Policies and Procedures and Documentation Requirements
    http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/pprequirements.pdf 
  6. Basics of Security Risk Analysis and Risk Management
    http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/riskassessment.pdf
  7. Security Standards: Implementation for the Small Provider
    http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/smallprovider.pdf
Resources from the Office for Civil Rights (OCR)

OCR is the federal agency that enforces HIPAA. The OCR Health Information Privacy website, https://www.hhs.gov/hipaa/for-professionals/privacy/index.html, offers numerous resources on HIPAA compliance, such as:

Frequently Asked Questions
https://www.hhs.gov/hipaa/for-professionals/faq/index.html

Unofficial Combined Regulation Text of All Rules
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html

Sign Up for the OCR Privacy & Security Listserv
https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html

OCR has posted HIPAA educational videos on YouTube:
https://www.youtube.com/user/USGovHHSOCR

For consumers, OCR offers factsheets about individuals’ rights under the HIPAA Privacy Rule:
https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html

General Information on Privacy and Security Topics

The following resources, from federal government agencies other than OCR, offer information about health information privacy and security topics.

Health IT Playbook

Health IT Privacy and Security Resources for Providers 

Guide to Privacy and Security of Electronic Health Information (PDF)

Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices (PDF)

CYBERSECURITY (PDF) - The protection of data and systems in networks that connect to the Internet - 10 best practices for the small healthcare environment

Security Risk Assessment Videos

Mobile Devices

Tags
Legal Regulatory HIPAA Practice Management
Related
Promoting Careers as a Dental Team Professional
Taking the Legal Pain Out of Buying and Selling a Dental Practice
How to Manage & Retain Staff During a Practice Transition

These materials are intended to provide helpful information to dentists and dental team members. They are in no way a substitute for actual professional advice based upon your unique facts and circumstances. This content is not intended or offered, nor should it be taken, as legal or other professional advice. Neither the ADA nor its affiliated entities make any representations or warranties, of any kind or any nature, whether express or implied, created by law, contract or otherwise, including, without limitation, any representations or warranties of merchantability, fitness for a particular purpose, title or non-infringement. You should always consult with your own professional advisors (e.g. attorney, accountant, insurance carrier). To the extent ADA has included links to any third party web site(s), ADA intends no endorsement of their content and implies no affiliation with the organizations that provide their content. Further, ADA makes no representations or warranties about the information provided on those sites.