Health Insurance Portability and Accountability Act (HIPAA)
All facilities that provide patient care or provide referrals for patient care are subject to the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA changes the way health care staff must protect the privacy of a patient's health information and contains security procedures that must be followed to protect the integrity of a patient's health information. The following areas will provide you with information on the specifics of HIPAA and how your facility can comply with the requirements of this law.
Call or email the IHS CA Area Office Privacy Office Consultant.
- September 12, 2014
- Email - September 12, 2014 - HIPAA Reminders
- Guide to Privacy and Security of Electronic Health Information
- September 11, 2014
- HIPAA Reminders
Email message sent to Tribal Health Program staff on September 12, 2014, discussing relevant prior HIPAA news articles and deadlines for compliance.
- HITECH Modifications to HIPAA Rule
Email message that summarizes HITECH modifications to HIPAA effective September 23, 2013
- IHS HIPAA Compliant Forms, Policies and Procedures
View and download HIPAA compliant forms developed by the Indian Health Service for use in Federal facilities. Tribal and Urban facilities are encouraged to modify these forms as appropriate for local use in conjunction with the organizations legal counsel.
- IHS HIPAA FAQs
Find frequently ask questions regarding HIPAA and how it relates to Indian Health. Specific questions that are not addressed on this site can be directed to Reese Weber (firstname.lastname@example.org), HIPAA Privacy Officer for the California Area.
- IHS HIPAA Standards
Identifier, Privacy, and Security Standards; and Transactions and Code Sets Standards Implementation Strategy
- IHS HIPAA Training
Resources for providing HIPAA privacy training for your staff. Materials are available to download to conduct training for a larger group, or an individual can create a log on, complete the course and have a certificate available for their personnel file
- Sanction Guidelines for Privacy and Security Violations (2013 update)