Skip to main content
U.S. flag

An official website of the United States government

HHS Guidance Submissions

Search HHS Guidance Documents

 

Filter Guidance Documents by ...

HHS Guidance Documents
Title OpDiv/StaffDiv Sort descending Guidance Status Issue Date
FAQ 2078 Which CSPs offer HIPAA-compliant cloud services?  Office for Civil Rights (OCR) Final
FAQ 2079 What if a HIPAA covered entity (or business associate) uses a CSP to maintain ePHI without first executing a business associate agreement with that CSP?  Office for Civil Rights (OCR) Final
FAQ 208 Won't the HIPAA Privacy Rule's minimum necessary restrictions impede the delivery of quality health care by preventing or hindering necessary exchanges of patient medical information among health care providers involved in treatment?   Office for Civil Rights (OCR) Final
FAQ 2080 If a CSP experiences a security incident involving a HIPAA covered entity’s or business associate’s ePHI, must it report the incident to the covered entity or business associate?  Office for Civil Rights (OCR) Final
FAQ 2081 Do the HIPAA Rules allow health care providers to use mobile devices to access ePHI in a cloud?  Office for Civil Rights (OCR) Final
FAQ 2082 Do the HIPAA Rules require a CSP to maintain ePHI for some period of time beyond when it has finished providing services to a covered entity or business associate?   Office for Civil Rights (OCR) Final
FAQ 2083 Do the HIPAA Rules allow a covered entity or business associate to use a CSP that stores ePHI on servers outside of the United States?  Office for Civil Rights (OCR) Final
FAQ 2083 Do the HIPAA Rules allow a covered entity or business associate to use a CSP that stores ePHI on servers outside of the United States?  Office for Civil Rights (OCR) Final
FAQ 2084 Do the HIPAA Rules require CSPs that are business associates to provide documentation, or allow auditing, of their security practices by their customers who are covered entities or business associates?   Office for Civil Rights (OCR) Final
FAQ 2085 If a CSP receives and maintains only information that has been de-identified in accordance with the HIPAA Privacy Rule, is it is a business associate?  Office for Civil Rights (OCR) Final
This Guidance Portal contains 50210 documents.

Petition Submissions

To submit a petition to HHS, please send your petition to Good.Guidance@hhs.gov

CDC

CMS

* This PDF is not Section 508 compliant. Assistive Technology users should contact good.guidance@hhs.gov if they experience any difficulties.