HIPAA Resources

THE HIPAA PRIVACY REGULATIONS
The Administrative Simplification Provisions of the
Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The HIPAA privacy regulations are administered by the Office For Civil Rights of the U.S. Department of Health and Human Services and included below are the regulations and supporting documentation released by OCR, as well as the statutory basis for the privacy regulations.

The Administrative Simplification Provisions of the HIPAA statute

Statutory Penalities for Noncompliance

The Regulations

Complete Annotated Text of the Original December 2001 Privacy Regulations With August 2002 Revisions
This full text version from the Ohio HIPAA Statewide Project displays the August 2002 revisions in comparerite format.

Complete Text of the HIPAA Privacy Regulations
This full text version from the HHS Office of Civil Rights includes the complete text of the regulation, including the August 2002 revisions.

HIPAA Privacy Regulations Amendments - August 14, 2002
Information on and text of the August 14, 2002 revisions to the HIPAA privacy regulations.

Complete Text of December 28, 2000 Final Regulations on Standards for Privacy of Individually Identifiable Health Information
This rule establishes standards to protect the privacy of individually identifiable health information maintained or transmitted in connection with certain administrative and financial transactions. The rules, which apply to health plans, health care clearinghouses, and certain health care providers, set standards with respect to the rights individuals who are the subject of this information should have, procedures for the exercise of those rights, and the authorized and required uses and disclosures of this information. The rules become effective on April 14, 2001 and compliance is required two years thereafter for covered entities.

Guidance and Interpretation

Frequently Asked Questions and Answers
Guidance from HHS in the form of frequently asked questions and answers released December 3, 2002.

First Guidance on the Final Privacy Rule
On July 6, 2001, the Department of Health and Human Services released this Privacy Guidance Document providing answers to questions regarding the final HIPAA privacy regulations. The Guidance lists areas of the regulations where further changes are planned.

Business Associate Agreements and Surveys and Accreditation
March 2003 letter from CMS to state survey agencies regarding business associate agreements and their relationship to state surveys and accreditation.

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule
April 2003 release from U.S. Department of Health and Human Services providing general background information on HIPAA privacy and specific and detailed information on research studies under HIPAA.

Additional Guidance on Research
April 2003 letter from the Director of the Office of Civil Rights to Eli Lily & Company, offering additional guidance on research and the privacy regulations.

Compliance and Enforcement

Enforcement Rule
This interim final rule establishes rules of procedure for the imposition, by the Secretary of Health and Human Services, of civil money penalties on entities that violate HIPAA standards. HHS states in the rule that it is the first installment of a rule termed the "Enforcement Rule." The Enforcement Rule, when issued in complete form, will set forth procedural and substantive requirements for imposition of civil money penalties. In the interim, this rule of procedure is to inform regulated entities of HHS' approach to enforcement and to advise regulated entities of certain procedures that will be followed in enforcement. Note that the rule has not yet been published in the Federal Register. View in html format or pdf format.

HIPAA Privacy Complaint Process
The process for filing a HIPAA privacy complaint with the federal government was published March 20, 2003 in the Federal Register. The notice lists the time for filing such a complaint and the addresses for filing the complaints. View in html format or pdf format.