
Protecting the Privacy of Personal Health Information

Compliance & Enforcement
How to File a Health Information Privacy Complaint
Health Information Privacy Complaint Form [PDF]
Interim final rule: Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings [PDF]

The Privacy Rule
HIPAA Statute
The Security Rule
Identifier Standards
What is the Privacy Rule and why has HHS issued regulations?
Privacy Rule Summary [PDF]
HIPAA Glossary & Acronyms

HIPAA essentials outline
HIPAA Checklist
OCR Summary - HIPAA Privacy Rule
Frequently Asked Questions
Am I a covered entity?
Covered Entity Flowchart

HIPAA - Related Links
Centers for Medicare and Medicaid Services (CMS)
The Privacy Rule and Public Health (CDC)
The Privacy Rule and Research (NIH)
National Committee on Vital and Health Statistics (NCVHS)
Workgroup for Electronic Data Interchange
Portability of Health Coverage - Dept. of Labor
Full List of HIPAA-Related Links

For Consumers
Fact Sheet: Protecting the Privacy of Patients' Health Information
Security Standards for the Protection of Electronic Protected Health Information

Education Materials
Summary of HIPAA Privacy Rule
Guidance on Specific Aspects of the Privacy Rule
Am I a Covered Entity?
Your Frequently Asked Questions on Privacy
Sample Business Associate contract
The Privacy Rule and Research
Misleading Marketing on HIPAA Training


HIPAA Checklist


| # | Question | Not Started | In Process | Completed |
|---|----------|-------------|------------|-----------|
|   | Awareness & Education | | | |
| 1 | Has your organization had any awareness education on HIPAA regulations and compliance? | | | |
| 2 | Do you monitor or receive automated information regarding changes in HIPAA regulations? | | | |
|   | Project Planning | | | |
| 3 | Have you selected a Project Manager and Project Team for your HIPAA project? | | | |
| 4 | Have you created a Project Plan? | | | |
|   | Electronic Transactions | | | |
| 5 | Have you applied for the ASCA Electronic Transaction extension for your organization? | | | |
| 6 | Have you completed an inventory of all information systems and workflow processes with regard to Electronic Transactions? | | | |
| 7 | Have you compiled a list of vendors, health plans, business associates and trading partners? | | | |
| 8 | Have you gathered, reviewed and compared your current billing forms, policies and procedures to the HIPAA Electronic Claims Transaction and Code Set regulations? | | | |
| 9 | Has your organization designated an Information Privacy and Security Officer as required by HIPAA? | | | |
| 10 | Have you developed a Notice of Information Practices to post in your office and distribute to each patient? | | | |
| 11 | Have you gathered, reviewed and compared your current forms, policies and procedures to the HIPAA Privacy Regulations and state privacy regulations? | | | |
| 12 | Have you developed policies and procedures that meet the needs of your Human Resources Department with regard to privacy requirements for the protection of your staff's health information? | | | |
| 13 | Have you developed processes for documenting, retaining, distributing and discarding Protected Health Information (PHI) as required by HIPAA? | | | |
| 14 | Have you developed processes for receiving, investigating and documenting individual complaints? | | | |
| 15 | Have you developed or revised current consent forms for patients in line with HIPAA regulations? | | | |
| 16 | Do you have all forms that must be read and signed by patients in languages appropriate to their culture? | | | |
| 17 | Has your organization completed a security evaluation of the information systems used to maintain your current and future Protected Health Information? | | | |
| 18 | Does your organization have virus-checking software, firewalls and operating systems that provide encryption and other security measures? | | | |
| 19 | Does your organization perform backups of your data daily? | | | |
| 20 | Does your organization have a Disaster Recovery and Contingency Plan that meets the HIPAA Security Standards? | | | |
| 21 | Has your organization developed security policies and procedures covering confidentiality statements, individually identifying information system users, passwords, automatic logoff, acceptable use, e-mail, internet usage, authentication of workstations, monitoring and documenting unauthorized access, audit trails of users, sanctions for misuse or disclosure, and termination checklists? | | | |
| 22 | Has your organization provided for the overall physical security of your information systems, facility, staff and medical records? | | | |
| 23 | Has your organization developed job descriptions for HIPAA-required positions and all other positions in your organization? | | | |
|   | National Identifiers | | | |
| 24 | Have you located, printed and read the Proposed Regulations for National Identifiers, including the National Provider Identifier, National Payer Identifier and National Employer Identifier? | | | |
|   | General Information | | | |
| 25 | Have you developed a comprehensive training program for your organization's staff (both present and future) covering all HIPAA standards, including responsibilities and penalties for non-compliance? | | | |
| 26 | Does your organization have a Compliance Officer and a General Compliance Plan covering such things as fraud and abuse, codes of conduct, whistle-blower suits, auditing and monitoring, disciplinary standards and personnel issues, responding to problems, investigations and corrective actions? | | | |




Copyright 2003-2010 ©HIPAAnews.org All Rights Reserved.