Home
FAQ's
HIPAA links
Contact Us

 

GENERAL INFORMATION

What is the Privacy Rule and why has HHS issued regulations?

Privacy Rule Summary [PDF - 372KB]

HIPAA Glossary & Acronyms

 

FOR CONSUMERS

Fact Sheet: Protecting the Privacy of Patients' Health Information

How to File a Health Information Privacy Complaint

REGULATIONS & STANDARDS

The Privacy Rule

HIPAA Statute

The Security Rule

Identifier Standards

EDUCATIONAL MATERIALS

Summary of HIPAA Privacy Rule [PDF - 372KB]

Guidance on Specific Aspects of the Privacy Rule

Am I a Covered Entity?

Your Frequently Asked Questions on Privacy

Sample Business Associate contract

The Privacy Rule and Research

Misleading Marketing on HIPAA Training

COMPLIANCE & ENFORCEMENT

How to File a Health Information Privacy Complaint

Interim final rule: Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings [PDF - 87KB]

 

Office for Civil Rights - HIPAA
Medical Privacy - National Standards to Protect the Privacy of Personal Health Information

Background and General Information

The privacy provisions of the federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses. The Department of Health and Human Services (HHS) has issued the regulation," Standards for Privacy of Individually Identifiable Health Information," applicable to entities covered by HIPAA. The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation. (See the Statement of Delegation of Authority to the Office for Civil Rights, as published in the Federal Register on December 28, 2000 - Below)

Office for Civil Rights

Statement of Delegation of Authority

[Federal Register: December 28, 2000 (Volume 65, Number 250)]
[Notices]
[Page 82381]
From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr28de00-100]

Notice is hereby given that I have delegated to the Director, Office for Civil Rights (OCR), with authority to redelegate, the following authorities vested in the Secretary of Health and Human Services:

  1. The authority under section 262 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, as amended, to the extent that these actions pertain to the Standards for the Privacy of Individually Identifiable Health Information, to:
    1. impose civil monetary penalties, under section 1176 of the Social Security Act, for a covered entity's failure to comply with certain requirements and standards;
    2. make exception determinations, under section 1178(a)(2)(A) of the Social Security Act, concerning when provisions of State laws that are contrary to the federal standards are not preempted by the federal provisions; and
  2. The authority under section 264 of HIPAA, as amended, to administer the regulations, ``Standards for the Privacy of Individually Identifiable Health Information,'' 45 CFR Part 164, and General Administrative Requirements, 45 CFR Part 160, as these requirements pertain to Part 164, and to make decisions regarding the interpretation, implementation and enforcement of these Standards and General Administrative Requirements.

I hereby affirm and ratify any actions taken by the Director of OCR, or any subordinates, involving the exercise of the authorities delegated herein prior to the effective date of this delegation. This Delegation of Authority is effective concurrent with the effective date of the regulations, 45 CFR Parts 160 through 164.


Dated: December 20, 2000. Donna E. Shalala, Secretary.

 

  

Copyright ©003-2005 hipaanews.org. All Rights Reserved.