HIPAA Resources

The Administrative Simplification provisions of HIPAA require the Secretary of the federal Department of Health and Human Services (DHHS) to issue regulations and adopt standards to implement the law. The federal HIPAA regulations issued by the DHHS include: Electronic Transactions and Code Sets, Privacy, Security and National Provider Identification.

The Internet offers many solutions and resources to consult when trying to conform to HIPAA's rules and regulations. This page is designed to provide you with access to helpful web sites, and to offer other solutions and resources that may be of particular interest.

Privacy:

• For more information on the Privacy Rule visit the DHHS Office for Civil Rights
• E-mail questions about Privacy Standards to ocrprivacy@os.dhhs.gov
  Telephone: 866-627-7748
• Privacy Rule (HHS) - http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
• HIPAA Privacy Rule & Public Health (CDC) - http://www.cdc.gov/mmwr/pdf/other/m2e411.pdf

HHS Office of Civil Rights Privacy Guidance Documents

• HHS issues guidance regarding methods for de-identification of protected health information in accordance with the HIPAA privacy rule
• HHS issues proposed rule on HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act (HITECH)
• HHS issues Notice of Proposed Rulemaking to Implement HITECH Act Modifications to the HIPAA Rules (July 8, 2010)
• What's New in Privacy (HHS) (right hand side of page) - http://www.hhs.gov/ocr/privacy/index.html
• HITECH Privacy regulation (begins on page 144) - http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills&docid=f:h1enr.txt.pdf
• Breach Notification for Unsecured Protected Health Information - Interim Final Rule (August 24, 2009) - http://edocket.access.gpo.gov/2009/pdf/E9-20169.pdf
• HITECH Act Enforcement Interim Final Rule (October 29, 2009) - http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
• Individuals’ Right under HIPAA to Access their Health Information (February 25, 2016) - https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html
• Updated Joint Guidance on Application of HIPAA and FERPA to Student Health Records  (December 2019 Update) - https://www.hhs.gov/sites/default/files/2019-hipaa-ferpa-joint-guidance-508.pdf
• Other Privacy Guidance Documents - https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/index.html

Security:

The final rule adopting HIPAA standards for the security of electronic health information was published in the Federal Register on February 20, 2003. To view security information and procedures covered entities must use to assure the confidentiality of electronic protected health information visit:

• Privacy and Security Standards - http://www.hhs.gov/ocr/privacy/hipaa/administrative/index.html
• Security Rule - http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
• HIPAA Administrative Simplification Statute & Rules - http://www.hhs.gov/ocr/privacy/hipaa/administrative/index.html
• NIST Security Resource - http://csrc.nist.gov\
• HHS Office of Civil Rights Security Rule - https://www.hhs.gov/hipaa/for-professionals/security/index.html
• HHS Office of Civil Rights Security Guidance Documents and Other Important Links - https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html and https://www.hhs.gov/hipaa/for-professionals/security/index.html

State Confidentiality Law Links:

Mental Health/AODA/DD 

• Wisconsin Stat. § 51.30 - State Alcohol, Drug Abuse, Developmental Disabilities and Mental Health Act - http://www.legis.state.wi.us/statutes/Stat0051.pdf
• Wisconsin Stat. § 146.816 - Uses and Disclosures of Protected Health Information - http://docs.legis.wisconsin.gov/statutes/statutes/146/816
• Wisconsin Admin. Code ch. DHS 92 - Confidentiality of treatment records - http://www.legis.state.wi.us/rsb/code/dhs/dhs092.pdf
• Wisconsin Admin. Code ch. DHS 94 - Patients Rights & Resolutions of Grievances - http://www.legis.state.wi.us/rsb/code/dhs/dhs094.pdf

Medicaid

• Wisconsin Stat. § 49.475 - Information about Medicaid Assistance beneficiaries - http://www.legis.state.wi.us/statutes/Stat0049.pdf
• Wisconsin Admin. Code ch. DHS 108 - General Medicaid Administration - http://www.legis.state.wi.us/rsb/code/dhs/dhs108.pdf

Provider

• Wisconsin Stat. § 146.81-84 - Miscellaneous Health Provisions (health care records) - http://www.legis.state.wi.us/statutes/Stat0146.pdf
• Wisconsin Stat. § 146.816 - Uses and Disclosures of Protected Health Information - http://docs.legis.wisconsin.gov/statutes/statutes/146/816
• Wisconsin Stat. § 252.15 - Communicable Diseases - Restrictions on Use of HIV Tests - http://www.legis.state.wi.us/statutes/Stat0252.pdf

Long-Term Care (Family Care)

• Wisconsin Stat. ch. 46 - Long-term Care (Confidentiality - Exchange of Information) - http://www.legis.state.wi.us/statutes/Stat0046.pdf
• Wisconsin Admin. Code ch. DHS 10 - Confidentiality and Exchange of Information (Family Care)
  • § DHS 10.23(7) ADRCs
  • § DHS 10.45(5)
    • CMOS http://www.legis.state.wi.us/rsb/code/dhs/dhs010.pdf

Other

• HIPAA COW (HIPAA Collaborative of Wisconsin) - http://hipaacow.org
• Wisconsin Office of Privacy Protection - http://privacy.wi.gov
• FTC Privacy Initiatives - http://www.ftc.gov/privacy/index.html

Training Resources

• HIPAA COW - https://hipaacow.org/resources/hipaa-education/hipaa-101/
• The Office of National Coordinator for Health Information Technology (ONC) - https://www.healthit.gov/topic/privacy-security-and-hipaa/health-it-privacy-and-security-resources-providers