FAQ 191 Will covered entities have to meet these HIPAA privacy standards?
This is an FAQ answering the question of whether a covered entity has to comply with HIPAA privacy standards.
Final
Issued by: Office for Civil Rights (OCR)
When did covered entities have to meet these HIPAA privacy standards?
Answer:
As Congress required in HIPAA, most covered entities had until April 14, 2003 to come into compliance with these standards, as modified by the August, 2002 final Rule. Small health plans had an additional year – until April 14, 2004 – to come into compliance.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is providing assistance to help covered entities prepare to comply with the Rule. Visit the OCR Privacy web site for helpful information, such as guidance, frequently asked questions, sample “business associate” contract provisions, significant reference documents, and other technical assistance information for consumers and the health care industry.
Date Created: 12/19/2002
Last Updated: 11/27/2006
HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.
DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.