This web site was copied prior to January 20, 2005. It is now a Federal record managed by the National Archives and Records Administration. External links, forms, and search boxes may not function within this collection. Learn more.   [hide]
Centers for Disease Control and Prevention
 CDC Home Search Health Topics A-Z

Centers for Disease Control and Prevention
About CDC Announcements Funding Opportunities Publications Contact Us

U.S. Department of Health and Human Services


· Privacy Rule Home
· Guidance for Public Health
· HIPAA Basic Facts
· FAQs              
· Privacy Rule Reading Room
· Privacy Rule Links
· Public Health Grand Rounds: HIPAA Privacy Rule

CDC/ATSDR Privacy Rule Links


The HIPAA privacy links are categorized into the 5 areas listed below.  Each category is hyperlinked to the appropriate section of the document for your convenience.  If you have any suggestions or questions about this page please email the CDC Privacy Rule Coordinator at

  • DHHS Sites

  • Federal Sites

  • State HIPAA Sites

  • State-based HIPAA Organizations

  • Other HIPAA Organizations



Related DHHS Sites

U.S. Department of Health and Human Services: HIPAA Administrative Simplification - This is the best source for authoritative information on HIPAA Administrative Simplification: Transaction and Code Set Standards, Identifier Standards, Privacy Standards, and Security Standards, as well as HIPAA Implementation Guides. There are also excellent FAQ links here. 

U.S. Department of Health and Human Services: Office for Civil Rights - This is the office charged with assisting covered health care organizations become compliant with the HIPAA Privacy Rule. OCR is also the office for enforcement of the Privacy Rule.

Office for Civil Rights:  National Standards to Protect the Privacy of Personal Health Information - OCR website offering specific technical assistance regarding the implementation of the privacy rule.

U.S. Department of Health and Human Services:  Centers for Medicaid and Medicare Services (CMS) – HIPAA Site – CMS is the federal agency responsible for providing health insurance for over 74 million Americans through Medicare, Medicaid and State Children's Health Insurance Program (SCHIP). In addition to providing health insurance, CMS also performs a number of quality-focused activities, including regulation of laboratory testing under the Clinical Laboratory Testing Amendments (CLIA), development of coverage policies, and quality-of-care improvement. CMS maintains oversight of the survey and certification of nursing homes and continuing care providers (including home health agencies, intermediate care facilities for the mentally retarded, and hospitals), and makes available to beneficiaries, providers, researchers and State surveyors information about these activities and nursing home quality.

U.S. Department of Health and Human Services:  Substance Abuse and Mental Health Services Administration (SAMHSA) – HIPAA Site - SAMHSA is the Federal agency charged with improving the quality and availability of prevention, treatment, and rehabilitation services in order to reduce illness, death, disability, and cost to society resulting from substance abuse and mental illnesses.

U.S. Department of Health and Human Services:  Indian Health Service (HIS) – HIPAA Site - The Indian Health Service (IHS), an agency within the Department of Health and Human Services, is responsible for providing federal health services to American Indians and Alaska Natives.

Centers for Disease Control and Prevention’s (CDC) National Immunization Program - The National Immunization Program (NIP) is a part of the Centers for Disease Control  and Prevention, located in Atlanta, Georgia. As a disease-prevention program, NIP provides leadership for the planning, coordination, and  conduct of immunization activities nationwide.



Other Federal Sites

The National Committee on Vital and Health Statistics - The NCVHS serves as the statutory [42 U.S.C. 242k(k)] public advisory body to the Secretary of Health and Human Services in the area of health data and statistics. In that capacity, the Committee provides advice and assistance to the Department and serves as a forum for interaction with interested private sector groups on a variety of key health data issues.

Chief Information Officer’s Council - The Chief Information Officers (CIO) Council was established by Executive Order 13011, Federal Information Technology, on July 16, 1996. A charter for the Council was adopted on February 20, 1997. The CIO Council serves as the principal interagency forum for improving practices in the design, modernization, use, sharing, and performance of Federal Government agency information resources. The Council's role includes developing recommendations for information technology management policies, procedures, and standards; identifying opportunities to share information resources; and assessing and addressing the needs of the Federal Government's IT workforce.



State HIPAA Sites

  • Alabama -       HIPAA Implementation Site
  • Alaska -          HIPAA Implementation Site
  • Arkansas -      HIPAA Implementation Site
  • California -     Office of HIPAA Implementation
  • California -     Department of Developmental Services
  • California -     Department of Health Service
  • Colorado -       Department of Insurance
  • Colorado -       Department of Health Care Policy and Financing
  • Connecticut - HIPAA Implementation Site
  • District of Columbia – Department of Health
  • Georgia -        Department of Human Services
  • Idaho -            HIPAA Implementation Site
  • Illinois -           HIPAA Implementation Site
  • Indiana -         Department of Insurance
  • Iowa - HIPAA Implementation Site
  • Kansas -         HIPAA Awareness and Readiness for Kansas (HARK) Site
  • Kentucky -      HIPAA Implementation Site
  • Louisiana -      HIPAA Implementation Site
  • Maine -           Bureau of Medical Services
  • Maryland -     Department of Health and Mental Hygiene
  • Maryland -     Maryland Health Care Commission
  • Massachusetts – Division of Medical Assistance
  • Michigan -      HIPAA Implementation Site
  • Minnesota -    HIPAA Implementation Site
  • Missouri -       Department of Mental Health
  • Missouri -       Department of Mental Health
  • Montana -       Department of Public Health and Human  Services
  • Nevada
  • New Hampshire - Developmental Disabilities Services System
  • New York – New York State Central HIPAA Coordination Center
  • North Carolina - Department of Health and Human Services
  • Ohio - HIPAA Implementation Site
  • Oregon - Department of Human Services
  • Pennsylvania - Department of Public Welfare
  • Rhode Island - Department of Human Services
  • South Carolina - HIPAA Implementation Site
  • South Dakota - Department of Health
  • Texas
  • Virginia - Department of Health and Human Resources
  • Washington - HIPAA Implementation Site
  • West Virginia -           Bureau for Medical Services
  • Wisconsin - HIPAA Implementation Site



State-based Organization Sites

Hawaii HIPAA Readiness Collaborative - The vision of the HIPAA Readiness Collaborative (HRC) is to realize the positive potential of HIPAA, including improving the flow of patient information to improve patient care and reducing administrative overhead. More immediate objectives relate to reducing HIPAA implementation costs by standardizing approaches, pooling resources and, potentially sharing consultant expenses.

Idaho HIPAA Coordinating Council - The Idaho HIPAA Coordinating Council (IHCC) is made up of individuals who represent those who are impacted by HIPAA legislation. Members represent health care providers, insurance carriers, third party billing agents, and State, County and City governmental entities to name a few. The IHCC provides the means to create a collaborative healthcare industry-wide process to bring about a statewide coordination effort that is necessary to achieve successful compliance.

HIPAA Awareness and Readiness for Kansas - a collaborative effort to inform, educate, share tools and best practices for the HIPAA readiness in Kansas.

Massachusetts Health Data Consortium - The Massachusetts Health Data Consortium is a non-profit, private 501 (c) (3) corporation established for the purpose of developing, collecting, analyzing and disseminating health care information to improve the health and healthcare of the region.

Minnesota Center for Healthcare Electronic Commerce – MCHEC is a membership-driven organization whose purpose is to assist the health care industry in adopting standardized electronic commerce solutions to increase efficiency and provide better health care to patients. Assistance is provided by training, standards development, pilot projects and similar efforts. Membership in MCHEC is open to any health care industry organization in Minnesota.

New England HIPAA Workgroup - New England HIPAA Work Group is a forum established to influence on-going developments related to HIPAA and to promote general New England Healthcare Industry readiness to implement HIPAA standards. The group's focus is to network, develop awareness, and collaborate on approaches, techniques, and best practices for HIPAA compliance; as well as share information with other industry and HIPAA related groups for a combined effort.

New Hampshire and Vermont Strategic HIPAA Implementation Plan (NHVSHIP) - NHVSHIP is a volunteer organization of hospitals, physicians, other health care providers, health plans, state health departments, and vendors. Members are working together to improve the understanding of and compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Membership is open to any organization that expresses a desire to work in a collaborative, non-commercial environment.

New Mexico Coalition for Health Care Information Leadership Initiatives (NM CHILI) - NM CHILI is a public/private state-wide organization which is designed to help the New Mexico healthcare industry become compliant with HIPAA regulations and other healthcare e-business initiatives. NM CHILI is a volunteer organization with administrative support from the Health Policy Commission and member organizations.

North Carolina Healthcare Information and Communications Alliance, Inc. - NCHICA is dedicated to improving healthcare through information technology and secure communications. NCHICA has over 200 member organizations, representing the many sectors of the healthcare industry.

e-Pennsylvania Alliance - The Alliance is Pennsylvania's only statewide,  nonprofit volunteer organization of technology providers, supporters and users. It has been established to provide a broad-based forum for increasing public awareness, interest and involvement in developing Pennsylvania's communications and information technology systems. 

Southern California HIPAA Forum - The purpose of the HIPAA Forum is to provide ongoing information and education on specific requirements for HIPAA compliance; collaborate on approaches, techniques, and solutions to deal most effectively with HIPAA regulations; discuss the "gray" areas to help each organization decide how they deal with them; and provide a combined voice to help influence future regulations and to focus vendors on needed changes to achieve compliance.

Southern HIPAA Administrative Regional Process - SHARP is striving to meet the needs of all regional stakeholders, by providing a collaborative regional health care and provider focus, which achieves implemented standards and furthers the development and implementation of future standards.

HIPAA Collaborative of Wisconsin - HIPAA-COW is a non-profit organization open to entities considered to be Covered Entities, Business Associates, and/or Trading Partners under HIPAA, as well as any other organization impacted by HIPAA regulation.






Other Sites


American Medical Association


HIPAAcomply –source for up-to-date information regarding HIPAA security & privacy compliance. Includes HIPAA FAQs, HIPAA Updates, News & Info, Timelines, Discussion Boards, Events links, Legislation links, Technology links, links to white papers on electronic security and more. Sponsored by Tom Hanks and Beacon Partners.

HIPAAGives - GIVES is a collaborative state government health care focus group resulting in the sharing of information through a clearinghouse highway and providing a forum for discussing and resolving issues in meeting the Health Insurance Portability and Accountability Act (HIPAA) legislation.

GIVES has been established to meet the immediate need to exchange information, identify common government challenges and share solutions in order to attain HIPAA compliance in the timeframe required. By providing a government-focused network, our goal is to minimize duplicate effort.

HIPAAGives is organized into workgroups that address specific issues confronting states.  These workgroups include a public health work group addressing the implications this regulation will have on public health practice at the state level.

North American Association of Central Cancer Registries - Established in 1987, NAACCR is a collaborative umbrella organization for cancer registries, governmental agencies, professional associations, and private groups in North America interested in enhancing the quality and use of cancer registry data. Most central cancer registries in the United States and Canada are members.

HIMSS - Healthcare Information and Management Systems Society - The Healthcare Information and Management Systems Society provides leadership in healthcare for the management of technology, information, and change through publications, educational opportunities, and member services. HIMSS has more than 43 chapters and more than 12,000 members working in healthcare organizations throughout the world. Members include healthcare professionals in hospitals, corporate healthcare systems, clinical practice groups, vendor organizations, healthcare consulting firms, and government settings in professional levels ranging from senior staff to CIOs and CEOs.

HIPAA Privacy Joint Information Center - Ohio  - Full text of the proposed revisions to the HIPAA privacy rules as published in the Federal Register today. Revisions are posted in both pdf and html format.

United State Medicine Institute - The U.S. Medicine Institute for Health Studies (USMI) is a nonprofit 501(c)3 organization devoted toward enhancing communication between and among federal agencies and the private sector.

WEDI - Workgroup for Electronic Data Interchange - The Workgroup for Electronic Date Interchange strives to foster widespread support for the adoption of electronic commerce within healthcare by:

·         Provide a forum for the definition of standards, the resolution of implementation issues, the development and delivery of education and training programs and the development of strategies and tactics for the continued expansion of electronic commerce in healthcare;

·         Assist healthcare leaders to define, prioritize and reach consensus on the critical technical and business issues which affect the implementation and value of electronic commerce;

·         Ensure that electronic commerce standards, policies and regulations for healthcare are thoughtfully developed and implemented;

·         Serve as the primary catalyst for the identification, communication and resolution of obstacles that impede the growth of electronic commerce within healthcare;

·         and Inform and educate WEDI members and other healthcare stakeholders about the benefits and strategies for successfully implementing electronic commerce.

WEDI SNIP - WEDI Strategic National Implementation Process - This is the WEDI site for the Strategic National Implementation Process for Complying with the Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). 

RX2000 - The RX2000 Institute HIPAA Knowledge Center - The RX2000 Institute is dedicated to helping healthcare organizations solve the challenges of rapidly changing regulations, information technologies and business dynamics. The nonprofit Institute is committed to bridging healthcare's "organizational digital divide" to ensure critical information reaches the healthcare community regardless of size, funding or technological sophistication. The Institute is supported by its membership, fees for service, foundation grants and vendor sponsorships.

Health Privacy Project (Georgetown University) - The Health Privacy Project is dedicated to raising public awareness of the importance of ensuring health privacy in order to improve health care access and quality, both on an individual and a community level.



Disclaimer: Links to non-federal organizations found at this site are provided solely as a service to our users. These links do not constitute an endorsement of these organizations or their programs by CDC or the Federal Government, and none should be inferred. CDC is not responsible for the content of the individual organization Internet pages found at these links.



Accessibility | Privacy Policy Notice | FOIA | Information Quality

About CDC | Announcements | Funding Opportunities | Publications | Contact Us

CDC Home | Search | Health Topics A-Z

This page last reviewed April 18, 2003.

United States Department of Health and Human Services
Centers for Disease Control and Prevention