HIPAA (Health Information Privacy) « Health Care – General

HIPAA Information, Resources and Articles & Publications re:
Health Insurance Portability and Accountability Act of 1996 (HIPAA)


Official Information about HIPAA:

  • HIPAA – Public Law 104-191 – 104th Congress (full text)
    An Act – To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.
  • Summary of the HIPAA Privacy Rule (U.S. Dept. of Health & Human Services)
    This is a summary of key elements of the Privacy Rule including who is covered, what information is protected, and how protected health information can be used and disclosed. Because it is an overview of the Privacy Rule, it does not address every detail of each provision.
  • Understanding Health Information Privacy (U.S. Dept. of Health & Human Services)
    Learn about the Rules' protection of individually identifiable health information, the rights granted to individuals, OCR’s enforcement activities, and how to file a complaint with OCR.
  • U.S. Dept. of Health & Human Services
    The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.
  • What is the Health Insurance Portability and Accountability Act of 1996? (U.S. Dept. of Labor)
    HIPAA is complemented by state laws that, while similar to HIPAA, may offer more generous protections. You may want to contact your state insurance commissioner's office to ask about the law where you live. A good place to start is the Web site of the National Association of Insurance Commissioners.

Resources For HIPAA:

    Provides, on a single site, extensive documentation, up-to-date resources, and expert commentary to help healthcare covered entities, business associates, and stakeholders implement, comply with, and mitigate risks associated with HIPAA standards and new HITECH Act requirements.
  • HIPAA (American Hospital Association)
    There are three types of standards created by HIPAA: privacy, security and administrative simplification. Taken together, these regulations have a major impact on the day-to-day functioning of the nation's hospitals and affect virtually every department of every entity that provides or pays for health care.
  • HIPAA (American Medical Association)
    HIPAA prompted new Federal regulations which require physicians to ensure they are protecting the privacy and security of patients' medical information and using a standard format when submitting electronic transactions, such as submitting claims to payers.
  • HIPAA Guide – Security and Privacy Rules
    For those in the business of providing access to information, these regulations are the proverbial double-edged sword. If patients now have expanded access to their own medical data, the quickest, cheapest and most convenient manner to provide this information is electronically through the internet. So those involved in designing web applications and hosting web sites can expect to see new HIPAA related opportunities. However, with these new opportunities come new responsibilities.
  • HIPAA Privacy Rule and Public Health (Centers for Disease Control)
    New regulations provide protection for the privacy of certain individually identifiable health data, referred to as protected health information (PHI). Balancing the protection of individual health information with the need to protect public health, the Privacy Rule expressly permits disclosures without individual authorization to public health authorities authorized by law to collect or receive the information for the purpose of preventing or controlling disease, injury, or disability, including but not limited to public health surveillance, investigation, and intervention.
  • How to File a Complaint
    If you believe that a covered entity violated your (or someone else’s) health information privacy rights or committed another violation of the Privacy or Security Rule, you may file a complaint with OCR. OCR can investigate complaints against covered entities.

Articles About HIPAA:

  • How Can I Get a Free HIPAA Release Form? (1/18/12)
    Two places: directly from the medical provider or from this website.  Some doctors, hospitals, and other healthcare providers have their own release forms that they will give patients to complete. If a particular provider doesn't have a form, then download and fill out the Free HIPAA Release Form offered on this site.
  • State Attorneys General Not Leaping to Embrace HIPAA Enforcement (iwatch news – 9/20/11)
    Only two state attorneys general have pursued the authority Congress gave them two years ago to prosecute privacy and security breaches of health information — despite training from federal agencies and a consensus among privacy groups that enforcement needs to improve.
  • Stimulus Package Health Provisions Significantly Expand HIPAA Privacy Standards (2/17/09)
    As part of the stimulus package, the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) significantly expands the HIPAA Privacy Rule and Security Standards. The following is a summary of the key provisions of the HITECH Act related to HIPAA.
  • Warning: HIPAA has Teeth and Will Bite over Healthcare Privacy Blunders (Network World – 9/9/11)
    Healthcare organizations that are performing risk assessments as a way to craft patient-privacy policies might want to consider a new potential attack vector: federal regulators. Later this year, the Department of Health and Human Services is expected to start auditing up to 150 health providers at random through December 2012 in an effort to find medical entities that fail to comply with HIPAA and HITECH regulations about how personal data must be handled securely.

Publications About HIPAA:

  • Patient's Guide to HIPAA: How to Use the Law to Guard Your Health Privacy (World Privacy Forum)
    The Guide offers a roadmap through the thicket of dense health privacy laws and rules that many patients have questions about. The purpose of this guide is to help patients cut through the red tape and understand how to make health privacy laws work to protect their privacy.