HIPAA links
Contact Us

Protecting the Privacy of Personal Health Information


Compliance & Enforcement


How to File a Health Information Privacy Complaint

Health Information Privacy Complaint Form [PDF]

Interim final rule: Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings [PDF]




The Privacy Rule

HIPAA Statute

The Security Rule

Identifier Standards

What is the Privacy Rule and why has HHS issued regulations?

Privacy Rule Summary [PDF]

HIPAA Glossary & Acronyms




HIPAA essentials outline

HIPAA Checklist

OCR Summary - HIPAA Privacy Rule

Frequently Asked Questions

Am I a covered entity?

Covered Entity Flowchart


HIPAA - Related Links


Centers for Medicare and Medicaid Services (CMS)

The Privacy Rule and Public Health (CDC)

The Privacy Rule and Research (NIH)

National Committee on Vital and Health Statistics (NCVHS)

Workgroup for Electronic Data Interchange

Portability of Health Coverage - Dept. of Labor

Full List of HIPAA-Related Links


For Consumers


Fact Sheet: Protecting the Privacy of Patients' Health Information


Security Standards for the Protection of Electronic Protected Health Information

  Small Providers and Insurance

Covered Entity Decision Tools

The Administrative Simplification standards adopted by HHS under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) apply to any entity that is:

  • a health care provider that conducts certain transactions in electronic form (called here a "covered health care provider")
  • a health care clearinghouse
  • a health plan
  • An entity that is one or more of these types of entities is referred to as a "covered entity" in the Administrative Simplification regulations.

Decision Tools

Is a Person, Business, or Agency a Covered Health Care Provider?

  • Does the person, business, or agency furnish, bill or receive payment for health care in the normal course of business?
  • Does the person, business, or agency conduct covered transactions?
  • Are any of the covered transactions transmitted in electronic form?

Is a Business or Agency a Health Care Clearinghouse?

  • Does the business or agency process, or facilitate the processing of, health information from nonstandard format or content into standard format or content or from standard format or content into nonstandard format or content?
  • Does the business or agency perform this function for another legal entity?

Is a Private Benefit Plan a Health Plan?

  • Is the plan an individual or group plan, or combination thereof, that provides, or pays for the cost of, medical care?
  • Is the plan a group health plan?
  • Does the plan have both of the following characteristics: (a) it has fewer than 50 participants, and (b) it is self-administered?

Is a Government-Funded Program a Health Plan?

  • Is the program one of the listed government health plans?

Covered Entity Charts

This guidance on how to determine whether an entity is a covered entity under the Administrative Simplification provisions of HIPAA is also available in a Covered Entity Flowchart (PDF, 61.4KB).


Education Materials


Summary of HIPAA Privacy Rule

Guidance on Specific Aspects of the Privacy Rule

Am I a Covered Entity?

Your Frequently Asked Questions on Privacy

Sample Business Associate contract

The Privacy Rule and Research

Misleading Marketing on HIPAA Training



Copyright 2003-2010 ©HIPAAnews.org All Rights Reserved.