HIPAA Government Resources

HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The HIPAA Privacy rule provides federal protections for individually identifiable health information and gives patients an array of rights with respect to that information. The goals of the statute include making it easier for people to keep health insurance, protect the confidentiality and security of healthcare information, and help the healthcare industry control administrative costs.

Compiled below are links to federal government resources about the HIPAA rules.

Notice of Privacy Practices

Notice of Privacy Practices for Protected Health Information


Model Notices of Privacy Practices (English and Spanish)


Permitted Uses and Disclosures

Permitted Uses and Disclosures: Exchange for Health Care Operation (PDF)

Permitted Uses and Disclosures: Exchange for Treatment (PDF)

Patients' Families, Friends, and Personal Representatives

Communicating with a Patient’s Family, Friends, or Others Involved in the Patient’s Care

Personal Representatives

De-Identifying Patient Information

Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule 

Law Enforcement

Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule: A Guide for Law Enforcement (PDF)

Emergency Preparedness
Treatment, Payment, and Health Care Operations

Uses and Disclosures for Treatment, Payment and Health Care Operations

Marketing Communications


The HIPAA Privacy Rule and Refill Reminders and Other Communications about a Drug or Biologic Currently Being Prescribed for the Individual

Deceased Patients 
Mental Health

HIPAA Privacy Rule and Sharing Information Related to Mental Health

HIPAA Audits

HIPAA Privacy, Security, and Breach Notification Audit Program

Workers' Compensation
Government Access

Restrictions on Government Access to Health Information

General Information about Privacy Rule Topics

Medical Privacy of Protected Health Information (PDF)

This publication has links to government resources on:

  • Consent forms
  • Incidental disclosures
  • Email, telephone, and fax
  • Communications between health care professionals and patients’ families and friends
  • Child abuse reporting
Breach Notification Rule
Resources from the Office for Civil Rights (OCR)

OCR is the federal agency that enforces HIPAA. The OCR Health Information Privacy website, https://www.hhs.gov/hipaa/for-professionals/privacy/index.html, offers numerous resources on HIPAA compliance, such as:

Frequently Asked Questions

Unofficial Combined Regulation Text of All Rules

Sign Up for the OCR Privacy & Security Listserv

OCR has posted HIPAA educational videos on YouTube:

For consumers, OCR offers factsheets about individuals’ rights under the HIPAA Privacy Rule:

General Information on Privacy and Security Topics

The following resources, from federal government agencies other than OCR, offer information about health information privacy and security topics.

Health IT Playbook

Health IT Privacy and Security Resources for Providers 

Guide to Privacy and Security of Electronic Health Information (PDF)

Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices (PDF)

CYBERSECURITY (PDF) - The protection of data and systems in networks that connect to the Internet - 10 best practices for the small healthcare environment

Security Risk Assessment Videos

Mobile Devices