HIPAA Guidance Materials
Small Providers, Small Health Plans, and other Small Businesses
View materials about the Privacy Rule for small providers, small health plans and other small businesses.
Understanding Some of HIPAA’s Permitted Uses and Disclosures - Topical fact sheets that provide examples of when PHI can be exchanged under HIPAA without first requiring a specific authorization from the patient, so long as other protections or conditions are met.
Guidance on Significant Aspects of the Privacy Rule - A collection of documents explaining many provisions of the Privacy Rule including business associates, special topics such as disclosures for public health and research, and incidental uses and disclosures.
Guidance on Individuals' Right to Access Health Information - This guidance explains the importance of providing individuals with the ability to access and obtain a copy of their health information.
Guidance on HIPAA and Workplace Wellness Programs - This guidance explains the ways in which health information collected from or created about participants in a wellness program offered as part of a group health plan is protected by HIPAA.
Workshop on the HIPAA Privacy Rule's De-Identification Standard - Washington, DC - March 8th & 9th, 2010
Fast Facts for Covered Entities - Answers to many common questions and misconceptions about patient consent, incidental disclosures, child abuse reporting, electronic media, and other disclosures.
Provider Guide: Communicating With a Patient's Family, Friends, or Other Persons Identified by the Patient - This is a guide for health care providers to help them determine when they can disclose a patient's health information to the patient's family, friends, or other identified by the patient.
Guidance on Sharing Information Related to Mental Health - This guide addresses questions about when it is appropriate under the Privacy Rule for a health care provider to share information about a patient who is being treated for a mental health condition.
Frequently Asked Questions About Family Medical History Information - These frequently asked questions and answers address how the Privacy Rule permits the use and disclosure of family medical history information.
Frequently Asked Questions About the Disposal of Protected Health Information - These frequently asked questions and answers address how covered entities should dispose of protected health information pursuant to the Privacy and Security Rules.
Misleading Marketing Claims - This notice addresses marketing claims that suggest compliance programs may be endorsed by HHS. HHS and OCR do not endorse any private consultants' or education providers' seminars, materials or systems, and do not certify any persons or products as Privacy Rule compliant.
Designation of Regional Privacy Advisors - The HITECH Act requires the Secretary to designate an individual in each regional office of HHS to offer guidance and education to covered entities, business associates, and individuals on their rights and responsibilities related to the HIPAA Privacy and Security Rules.
Sign Up for the OCR Privacy Listserv - OCR has established a listserv to inform the public about Privacy and Security Rule FAQs, guidance, and technical assistance materials as they are released.
See HIPAA related links.