HIPAA Guidance Materials
Updated Joint Guidance on Application of HIPAA and FERPA to Student Health Records
This joint guidance with the Department of Education provides clear explanations and examples of when students’ health information can be shared under the HIPAA Privacy Rule and the Family Educational Rights and Privacy Act (FERPA) statute and implementing regulations.
- People using assistive technology may not be able to fully access information in this file. For assistance, contact the HHS Office for Civil Rights at (800) 368-1019, TDD toll-free: (800) 537-7697, or by emailing OCRMail@hhs.gov.
Small Providers, Small Health Plans, and other Small Businesses
View materials about the Privacy Rule for small providers, small health plans and other small businesses.
HIPAA and Health Plans - Care Coordination and Continuity of Care
View frequently asked questions that clarify how the HIPAA Privacy Rule permits health plans to share protected health information (PHI) in a manner that furthers the HHS Secretary’s goal of promoting coordinated care.
Access Right, Apps and APIs
View frequently asked questions about how the HIPAA Rules apply to covered entities and their business associates with respect to the right of access, apps and APIs.
Understanding Some of HIPAA’s Permitted Uses and Disclosures - Topical fact sheets that provide examples of when PHI can be exchanged under HIPAA without first requiring a specific authorization from the patient, so long as other protections or conditions are met.
Guidance on Significant Aspects of the Privacy Rule - A collection of documents explaining many provisions of the Privacy Rule including business associates, special topics such as disclosures for public health and research, and incidental uses and disclosures.
Guidance on Individuals' Right to Access Health Information - This guidance explains the importance of providing individuals with the ability to access and obtain a copy of their health information.
Guidance on HIPAA and Workplace Wellness Programs - This guidance explains the ways in which health information collected from or created about participants in a wellness program offered as part of a group health plan is protected by HIPAA.
Workshop on the HIPAA Privacy Rule's De-Identification Standard - Washington, DC - March 8th & 9th, 2010
Fast Facts for Covered Entities - Answers to many common questions and misconceptions about patient consent, incidental disclosures, child abuse reporting, electronic media, and other disclosures.
Provider Guide: Communicating With a Patient's Family, Friends, or Other Persons Identified by the Patient - This is a guide for health care providers to help them determine when they can disclose a patient's health information to the patient's family, friends, or other identified by the patient.
Guidance on Sharing Information Related to Mental Health - This guide addresses questions about when it is appropriate under the Privacy Rule for a health care provider to share information about a patient who is being treated for a mental health condition.
Frequently Asked Questions About Family Medical History Information - These frequently asked questions and answers address how the Privacy Rule permits the use and disclosure of family medical history information.
Frequently Asked Questions About the Disposal of Protected Health Information - These frequently asked questions and answers address how covered entities should dispose of protected health information pursuant to the Privacy and Security Rules.
Misleading Marketing Claims - This notice addresses marketing claims that suggest compliance programs may be endorsed by HHS. HHS and OCR do not endorse any private consultants' or education providers' seminars, materials or systems, and do not certify any persons or products as Privacy Rule compliant.
Designation of Regional Privacy Advisors - The HITECH Act requires the Secretary to designate an individual in each regional office of HHS to offer guidance and education to covered entities, business associates, and individuals on their rights and responsibilities related to the HIPAA Privacy and Security Rules.
Sign Up for the OCR Privacy Listserv - OCR has established a listserv to inform the public about Privacy and Security Rule FAQs, guidance, and technical assistance materials as they are released.
See HIPAA related links.