Answer:
As Congress required in HIPAA, most covered entities had until April 14, 2003 to come into compliance with these standards, as modified by the August, 2002 final Rule. Small health plans had an additional year – until April 14, 2004 – to come into compliance.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is providing assistance to help covered entities prepare to comply with the Rule. Visit the OCR Privacy web site for helpful information, such as guidance, frequently asked questions, sample “business associate” contract provisions, significant reference documents, and other technical assistance information for consumers and the health care industry.
Date Created: 12/19/2002
Last Updated: 11/27/2006
