This guidance remains in effect only to the extent that it is consistent with the court's order in Ciox Health, LLC v. Azar, No. 18-cv-0040 (D.D.C. January 23, 2020), which may be found at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2018cv0040-51. More information about the order is available at https://www.hhs.gov/hipaa/court-order-right-of-access/index.html. Any provision within this guidance that has been vacated by the Ciox Health decision is rescinded.
Helping Entities Implement HIPAA Protections
The HIPAA Rules are flexible and scalable to accommodate the enormous range in types and sizes of entities that must comply with them. This means that there is no single standardized program that could appropriately train employees of all entities. However, the training materials and resources below can be useful to a wide range of regulated entities as a supplement to OCR's guidance and searchable FAQ database.
HealthIT.gov's Health IT Privacy and Security Rule Resources for Providers include a beginner's overview of what the HIPAA Rules require, security training games, risk assessment tools, and other aids.
CMS's HIPAA Basics for Providers: HIPAA Privacy, Security, and Breach Notification Rules provides an overview of the HIPAA Privacy, Security, and Breach Notification Rules, and the vital role that health care professionals play in protecting the privacy and security of patient information.
Want to learn more about the HIPAA Privacy & Security Rules? Sign Up for the OCR Privacy & Security Listserv
OCR has established two listservs to inform the public about health information privacy and security FAQs, guidance, and technical assistance materials. We encourage you to sign up and stay informed!