The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law created to improve stability of health insurance coverage and protect the patients’ privacy by requiring health plans, health care clearing houses, and health care providers (all considered “covered entities”) to follow certain rules. HIPAA includes:

  • Improved efficiency in healthcare delivery.
  • Protection of confidentiality and security of “individually identifiable health information,” past, present or future.
  • Standardization of electronic patient health records, administrative and financial data.
  • Unique health identifiers for individuals, employers, health plans and health care providers.

HIPAA Privacy Rule

Establishes national standards for the protection of certain health information, while allowing the flow of information for high quality care.

HIPAA Security Rule

Establishes national standards to protect electronic personal health information that is created, received, used, or maintained by a covered entity; and requires administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected heath information.

Health Information Technology for Economic and Clinical Health Act (HITECH)/Omnibus Rule

HITECH supports electronic health records (EHR) and technology as part of the American Recovery and Reinvestment Act of 2009. This Act/Rule created data breach notification requirements and added details such as holding healthcare providers’ business associates accountable for the same liability of data breaches as the providers themselves.

Authorization to Release Confidential Protected Health Information (PHI)




Notice of Privacy Practices:




Contract Provider Resources:

HIPAA Audit Checklist

HIPAA Privacy & Security Survey

HIPAA Audit Protocol

HIPAA Self Assessment Worksheet

“Minimum Necessary” Standards

Confidentiality Statement Requirement for Safeguarding PHI

Information Notice17-11

Oath of Confidentiality (Contractors)

Oath of Confidentiality (DBH Staff)