The Privacy Ruling was published in the Federal Register on December 28, 2000. The U.S. Department of Health and Human Services' Office for Civil Rights is responsible for enforcing this rule. There are civil and criminal penalties for violating this rule, including fines up to $250,000 and imprisonment for up to 10 years.
The privacy regulation has three major purposes:
- To protect and enhance the rights of consumers by providing them access to their health information and controlling the appropriate use of that information;
- To improve the quality of health care in the United States by restoring trust in the health care system among consumers, health care professionals and the many organizations and individuals committed to the delivery of health care; and
- To improve the efficiency and effectiveness of health care delivery by creating a national framework for health, privacy and protection.
Medicaid and Privacy - Updated 04/02/15
State Health Benefit Plan and Privacy - Updated 06/20/13
The following resources provide information about the Privacy Rule, as well as about other provisions of HIPAA.
Relevant Web Sites
- Department of Health and Human Services - Office for Civil Rights - Responsible for enforcing compliance with the Privacy Rule.
- Department of Health and Human Services - Administrative Simplification - Contains other information on the administrative simplification requirements of HIPAA.
- American Health Information Management Association - The association for health information professionals.
- Department of Health and Human Services - Model compliance extension form, frequently asked questions, links to other HIPAA sites, and information on regulations and the law are located here.
- FREE Video - CMS' "Meeting the HIPAA Challenge: Implementing the Administrative Simplifications of HIPAA." For a free video, e-mail your request to AskHipaa@cms.hhs.gov.
- FREE Listserve - http://aspe.hhs.gov/admnsimp/lsnotify.htm - Sign up to receive notification when proposed or final rules on HIPAA have been published in the Federal Register. The Federal Register is the place where the government, upon passing a law, tells the public how the law will be implemented.
- CMS E-Mail box - firstname.lastname@example.org. Send your questions on HIPAA administrative simplification here. Privacy-related questions should be directed to OCRPrivacy@hhs.gov or call (toll-free) (866) 627-7748.
- News for All Fee-For-Service (FFS) Medicare Providers