HIPAA Privacy & Security
2. Business Associates Section:
General Information about Privacy

One of the largest and most pervasive sections of HIPAA is Privacy. The following is general information about HIPAA Privacy requirements.

  • Compliance Date: April 14, 2003.
  • Oversight agency: U.S. Department of Health and Human Services, Office for Civil Rights (OCR), regional auditors.
  • Topics in HIPAA Privacy final rule (top items):
    • Statutory basis
    • Definitions of terms
    • Preemption of state law
    • Compliance / Enforcement
      • Complaints
      • Compliance reviews
      • Covered entity responsibilities
    • Use and disclosure of Protected Health Information (PHI)
      • Minimum necessary
      • Agreed-upon restrictions
      • De-identified PHI
      • Business associates disclosure
      • Deceased individuals
      • Personal representatives
      • Privacy Notice
    • Business Associate Agreement
    • Treatment, payment, or healthcare operations (TPO)
    • When authorization is required
    • When an individual is allowed to agree or object
    • Other requirements
      • Limited data set
      • Fundraising
    • Details of "Notice of Privacy"
    • Access to one's own Protected Health Information (PHI)
    • Amendment of PHI
    • Accounting of PHI disclosures
    • Administrative requirements
      • Personnel
      • Training
      • Safeguards
      • Documentation
  • General approaches to compliance:
    • Business Associate Agreement. For some covered entities, the "Business Associate Agreement" is required.
    • Policies and procedures. Revised existing policies and procedures to reflect HIPAA requirements; created new ones to fill the gaps of missing items.
    • Training. Training provided for our entire staff to become more aware of the HIPAA requirements, risks, and solutions.
    • Utilize resources. Used trustworthy websites (federal, state-level, non-profits and reputable private-sector efforts), hired contracted experts, and worked with the standard-setting and enforcement organizations (U.S. Department of Health and Human Services - OCR and CMS agencies). Continually checked this website for the latest news and tools.

For details about the HIPAA Privacy requirements, you can read the following 42-page document that contains an abbreviated version of the entire Final Rule.

Standards for Privacy of Individually Identifiable Health Information (45 CFR Parts 160 and 164), Regulation Text
This is an abbreviated version of the Privacy regulation's language, from U.S. Department of Health and Human Services, Office for Civil Rights (OCR).

You may use this document to understand specifically what HIPAA requires.