Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act imposes numerous requirements concerning patient privacy and security. Learning how to comply with HIPAA regulations is crucial to your practice.

The Department of Health and Human Services provides many resources on HIPAA. Consent forms and templates can be obtained by contacting your legal counsel.

General Information

HHS: Health Information Privacy. This is the general HIPAA website from HHS that includes information for both providers and consumers.

HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules. The CMS guide to the basics of HIPAA.

ONC Privacy and Security Resources for your PT Practice. From the official website of the Office of the National Coordinator of Health Information Technology, a look at HIPAA through the lens of technology.

HHS Summary of the HIPAA Privacy Rule. This page summarizes key elements of the HIPAA privacy rule including who is covered, what information is protected, and how protected health information can be used and disclosed.

HHS Model Notices of Privacy Practices. HIPAA requires covered health care providers to develop and distribute a notice that provides a clear, user-friendly explanation of individuals' rights with respect to their personal health information. This page provides options for meeting that requirement.

Electronic Health Records

ONC Risk Assessment Tool and Resources for your PT Practice. This online tool from the Office of the National Coordinator for Health Information Technology helps you conduct a security risk assessment as required by the HIPAA Security Rule and the CMS Electronic Health Record Incentive Program.

ONC Guide to Privacy & Security of Electronic Health Information. While the guide itself is available as a PDF, this webpage provides a crosswalk from general topics to specific guide citations.

Business Associates

Covered Entities and Business Associates. Are you a "covered entity" that must comply with HIPAA? What if you engage another entity to help you carry out your duties? This HHS page explains.

Model Business Associate Contract Language. "Business Associates" under HIPAA are persons or entities that may be subject to HIPAA requirements. Find out how to safely contract with a Business Associate through this HHS page.