Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA Tools If you work in the behavioral health service sector, it's likely that you've heard of HIPAA. You may not know what it stands for, or what it's supposed to do, but you've probably heard of it. That's good, because HIPAA is here, now, and it affects every one of the Coalition's members.

HIPAA Business Associate Changes in ARRA

The Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of ARRA in Title XIII include important changes in Privacy (Subtitle D).  Changes related to business Associates under HOPAA Administrative Simplification are specified in Section 13401: Application of Security Provisions and Penalties to Business Associates of Covered Entities. 

Application of Security Provisions - Sections 164.308, 164.310, 164.312, and 164.316 of title 45, Code of Federal Regulations,

New Regulation for HIPAA Business Associate December 15, 2009

HITECH Raises the Stakes on HIPAA Compliance

Proposed Rulemaking to Implement HITECH Act Modifications July 14, 2010.  HHS issued a notice of proposed rulemaking to modify the HIPAA Privacy, Security, and Enforcement Rules. 

HIPAA National Provider Identifier

NYS Medicaid requires NPI on all non-claim transactions effective October 1, 2009
Dear Provider Letter

Breach Notification Rule

The U.S. Department of Health and Human Services issued new regulations requiring entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals after their unsecured health information has been breached. Under the regulations, health care providers, health plans, and other entities covered by HIPAA must promptly notify any individuals affected by a breach. If the breach affects more than 500 people, the Secretary of Health and Human Services and the media must also be notified. Breaches involving fewer than 500 must also be reported to the secretary annually. The regulations also affect business associates of covered entities.

Breach Notification Final Rule Update - 7/28/10

45 CFR Parts 160and 164 - Breach Notification for Unsecured Protected Health Information; Interim Final Rule

CMS Information on Breach Notification Rule

HIPAA Security Rule

HIPAA Enforcement Rule

The HIPAA Enforcement Rule contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations of the HIPAA Administrative Simplification Rules, and procedures for hearings.  The HIPAA Enforcement Rule is codified at 45 CFR Part 160, Subparts C, D, and E.

HITECH Act Enforcement Interim Final Rule - October 29, 2009

HIPAA Enforcement Rule - Final Rule February 16, 2006

HIPAA Enforcement Activities

Learn more about HIPAA:

Do you need help determining if you are a Covered Entity? CMS has put up a page help you figure it out:

Are you a Coalition member looking for further information on HIPAA? Contact Karyn Krampitz.