Skip to site content

California Area Office logoCalifornia Area Office

Health Insurance Portability and Accountability Act (HIPAA)

All facilities that provide patient care or provide referrals for patient care are subject to the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA changes the way health care staff must protect the privacy of a patient's health information and contains security procedures that must be followed to protect the integrity of a patient's health information. The following areas will provide you with information on the specifics of HIPAA and how your facility can comply with the requirements of this law.


Call or email the IHS CA Area Office Privacy Office Consultant.

September 12, 2014
Email - September 12, 2014 - HIPAA Reminders
Guide to Privacy and Security of Electronic Health Information

Exit Disclaimer: You Are Leaving  The Official site for Health IT

September 11, 2014
HIPAA Reminders

Email message sent to Tribal Health Program staff on September 12, 2014, discussing relevant prior HIPAA news articles and deadlines for compliance.

HITECH Modifications to HIPAA Rule

Email message that summarizes HITECH modifications to HIPAA effective September 23, 2013

IHS HIPAA Compliant Forms, Policies and Procedures

View and download HIPAA compliant forms developed by the Indian Health Service for use in Federal facilities. Tribal and Urban facilities are encouraged to modify these forms as appropriate for local use in conjunction with the organizations legal counsel.


Find frequently ask questions regarding HIPAA and how it relates to Indian Health. Specific questions that are not addressed on this site can be directed to Reese Weber (, HIPAA Privacy Officer for the California Area.

IHS HIPAA Standards

Identifier, Privacy, and Security Standards; and Transactions and Code Sets Standards Implementation Strategy

IHS HIPAA Training

Resources for providing HIPAA privacy training for your staff. Materials are available to download to conduct training for a larger group, or an individual can create a log on, complete the course and have a certificate available for their personnel file

Sanction Guidelines for Privacy and Security Violations (2013 update)

Exit Disclaimer: You Are Leaving  A practice brief intended to bring awareness for a united industry message on the seriousness regarding the handling of violations by workforce members.