HIPAA links
Contact Us

Protecting the Privacy of Personal Health Information


Compliance & Enforcement


How to File a Health Information Privacy Complaint

Health Information Privacy Complaint Form [PDF]

Interim final rule: Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings [PDF]




The Privacy Rule

HIPAA Statute

The Security Rule

Identifier Standards

What is the Privacy Rule and why has HHS issued regulations?

Privacy Rule Summary [PDF]

HIPAA Glossary & Acronyms




HIPAA essentials outline

HIPAA Checklist

OCR Summary - HIPAA Privacy Rule

Frequently Asked Questions

Am I a covered entity?

Covered Entity Flowchart


HIPAA - Related Links


Centers for Medicare and Medicaid Services (CMS)

The Privacy Rule and Public Health (CDC)

The Privacy Rule and Research (NIH)

National Committee on Vital and Health Statistics (NCVHS)

Workgroup for Electronic Data Interchange

Portability of Health Coverage - Dept. of Labor

Full List of HIPAA-Related Links


For Consumers


Fact Sheet: Protecting the Privacy of Patients' Health Information


Security Standards for the Protection of Electronic Protected Health Information

  Regulations and Standards

Office for Civil Rights - HIPAA Medical Privacy - National Standards to Protect the Privacy of Personal Health Information

Background and General Information

The privacy provisions of the federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses. The Department of Health and Human Services (HHS) has issued the regulation," Standards for Privacy of Individually Identifiable Health Information," applicable to entities covered by HIPAA. The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation. (See the Statement of Delegation of Authority to the Office for Civil Rights, as published in the Federal Register on December 28, 2000 - Below)

Office for Civil Rights

Statement of Delegation of Authority

[Federal Register: December 28, 2000 (Volume 65, Number 250)]
[Page 82381]
From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr28de00-100]

Notice is hereby given that I have delegated to the Director, Office for Civil Rights (OCR), with authority to redelegate, the following authorities vested in the Secretary of Health and Human Services:

  1. The authority under section 262 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, as amended, to the extent that these actions pertain to the Standards for the Privacy of Individually Identifiable Health Information, to:
    1. impose civil monetary penalties, under section 1176 of the Social Security Act, for a covered entity's failure to comply with certain requirements and standards;
    2. make exception determinations, under section 1178(a)(2)(A) of the Social Security Act, concerning when provisions of State laws that are contrary to the federal standards are not preempted by the federal provisions; and
  2. The authority under section 264 of HIPAA, as amended, to administer the regulations, ``Standards for the Privacy of Individually Identifiable Health Information,'' 45 CFR Part 164, and General Administrative Requirements, 45 CFR Part 160, as these requirements pertain to Part 164, and to make decisions regarding the interpretation, implementation and enforcement of these Standards and General Administrative Requirements.

I hereby affirm and ratify any actions taken by the Director of OCR, or any subordinates, involving the exercise of the authorities delegated herein prior to the effective date of this delegation. This Delegation of Authority is effective concurrent with the effective date of the regulations, 45 CFR Parts 160 through 164.


Copyright 2003-2010 ©HIPAAnews.org All Rights Reserved.