HIPAA Government Resources

HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The HIPAA Privacy rule provides federal protections for individually identifiable health information and gives patients an array of rights with respect to that information. The goals of the statute include making it easier for people to keep health insurance, protect the confidentiality and security of healthcare information, and help the healthcare industry control administrative costs.

Compiled below are links to federal government resources about the HIPAA rules.

Notice of Privacy Practices
Notice of Privacy Practices for Protected Health Information
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/notice.html

Model Notices of Privacy Practices (English and Spanish)
http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html

Permitted Uses and Disclosures

Permitted Uses and Disclosures: Exchange for Health Care Operation (PDF)

Permitted Uses and Disclosures: Exchange for Treatment (PDF)

Patients' Families, Friends, and Personal Representatives
Communicating with a Patient’s Family, Friends, or Others Involved in the Patient’s Care

http://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html

Personal Representatives
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/personalreps.html

De-Identifying Patient Information
Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule 
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/guidance.html
Law Enforcement
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule: A Guide for Law Enforcement (PDF)
Emergency Preparedness
Treatment, Payment, and Health Care Operations

Uses and Disclosures for Treatment, Payment and Health Care Operations
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/usesanddisclosuresfortpo.html

Marketing Communications

Marketing
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/marketing.html

The HIPAA Privacy Rule and Refill Reminders and Other Communications about a Drug or Biologic Currently Being Prescribed for the Individual
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/marketingrefillreminder.html

Public Health
Deceased Patients 
Mental Health

HIPAA Privacy Rule and Sharing Information Related to Mental Health
http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/mhguidance.html

HIPAA Audits

HIPAA Privacy, Security, and Breach Notification Audit Program
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html

Workers' Compensation
Government Access

Restrictions on Government Access to Health Information
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/govtaccess.html

General Information about Privacy Rule Topics
Medical Privacy of Protected Health Information (PDF)

This publication has links to government resources on:

  • Consent forms
  • Incidental disclosures
  • Email, telephone, and fax
  • Communications between health care professionals and patients’ families and friends
  • Child abuse reporting
Breach Notification Rule
Resources from the Office for Civil Rights (OCR)
OCR is the federal agency that enforces HIPAA. The OCR Health Information Privacy website, http://www.hhs.gov/ocr/privacy, offers numerous resources on HIPAA compliance, such as:

Frequently Asked Questions
http://www.hhs.gov/ocr/privacy/hipaa/faq/index.html


Unofficial Combined Regulation Text of All Rules
http://www.hhs.gov/ocr/privacy/hipaa/administrative/combined/index.html

Sign Up for the OCR Privacy & Security Listserv
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/listserv.html

OCR has posted HIPAA educational videos on YouTube:
https://www.youtube.com/user/USGovHHSOCR

For consumers, OCR offers factsheets about individuals’ rights under the HIPAA Privacy Rule:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers.

General Information on Privacy and Security Topics

The following resources, from federal government agencies other than OCR, offer information about health information privacy and security topics.

Health IT Playbook

Health IT Privacy and Security Resources for Providers 

Guide to Privacy and Security of Electronic Health Information (PDF)

Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices (PDF)

CYBERSECURITY (PDF) - The protection of data and systems in networks that connect to the Internet - 10 best practices for the small healthcare environment

Security Risk Assessment Videos

Mobile Devices