To review and maintain awareness of HIPAA Rule Issues and Changes

Start with these links: 

The final privacy regulations, including all revisions to 12/02:

 All HHS press releases, fact sheets and other press materials are available at:

 Link to Security and Transaction Standards pub 2-20-2003

 The full text of the Addenda to the Transaction modifications rule is available at:

Resource for late-breaking HIPAA Information:    

Resource for late-breaking HIPAA challenges information:

Medical Privacy Coalition:


Application of HIPAA to Small Provider Practices
Download the White Paper "Small Practice Implementation Guide" from the "White Papers Being Revised" Section:

HIPAA applies to "covered entities." In general, HIPAA applies to a small provider practice if that practice submits claims electronically either directly or through a billing service or "clearinghouse."  HIPAA does not apply to a practice that does not submit any information electronically to a health plan.1
In addition, Sec. 3 of the Administrative Simplification Compliance Act (signed into law in December 2001) contains a section entitled "Enforcement through exclusion from Participation in Medicare" and requires that effective for claims submitted to Medicare on or after October 16, 2003, "no payment may be made under part A or part B of [Medicare] for any expenses incurred for items or services ... for which a claim is submitted other than in an electronic form specified by the Secretary."  

This payment prohibition does not apply to small practices:  

            (i)   When there is no method available for the submission of claims in an electronic form

            (ii)  In the case of a physician, practitioner, facility, or supplier (other than a "provider" of services as defined under Medicare), when the entity has fewer than 10 full-time equivalent employees

(iii)            Under such unusual cases as the Secretary may find appropriate.  Note:  No guidance has been given regarding what the Secretary might find appropriate.


How to HIPAA - Top Ten Tips This free downloadable booklet from the AMA is directed toward physicians, but is useful for all health care providers. The material includes a sample patient letter designed to give patients an understanding of the scope and purpose of HIPAA.


August 2002 Changes The Department of Health and Human Services published its final changes to the HIPAA privacy regulations. To read the final modifications to the privacy rule, including the HHS press release and a fact sheet, go to

Among the HIPAA several HIPAA related training sites is an excellent site developed by the University of North Carolina Institute of Government.

See their pages of Privacy Officer Training Materials at:

See their Selected Written Policies and Procedures Required by the HIPAA Privacy Rule:

 Does HIPAA apply to your practice?  See Decision tree at this link:

 Frequently asked questions about CMS ..

 CMS is the Centers for Medicare & Medicaid Services. Formerly known as the Health Care Financing Administration (HCFA)

- federal agency responsible for administering the Medicare, Medicaid, SCHIP, (State Children's Health Insurance), HIPAA (Health Insurance Portability and Accountability Act), CLIA (Clinical Laboratory Improvement Amendments), and several other health-related programs.


 [Federal Register: December 28, 2000 (Volume 65, Number 250)] [Rules and Regulations] 

The Federal Register for Thursday December 28, 2000 is reproduced in a printable format at the following addresses, each part is 50 pp except part 8, which is 19 pp.

 August 14, 2002 Federal Register - revising consent, regulatory permission, and other content of HIPAA privacy regulations:



Be sure to read the answers to doctors' most frequently asked questions about HIPAA


… You can be a NONCOVERED entity - unless you voluntarily relinquish that status.

Despite what you may have been told by the lawyers during hospital "briefings," doctors are NOT required to file electronic claims, nor file a HIPAA compliance plan.

Even HHS admits there's an escape route. In its Motion to Dismiss the AAPS lawsuit against the privacy rule, the Department of HHS wrote:

"It bears repeating that the Privacy Rule applies only to covered entities.

The proverbial country doctor who deals only in paper, or who has a computer but conducts none of the transactions referred to in section 1173(a) electronically, would not be a covered entity and would not be subject to this legislation."



        You transmit any protected health information electronically after April 14, 2003.

        You sign an agreement agreeing to be a covered entity.

        You sign a certification stating that you are a covered entity.


        No "protected health information" is transmitted electronically outside your office.

        The records in your office may all be paper; or you may keep them in a computer. It is the electronic transmission that makes you a covered entity.

        You file no claims via electronic transmittal - including private and Medicare claims.

        You have not volunteered to become a covered entity by contract or certification.


        Protect your patients from having their data entered into a nationwide computer data base.

        Protect yourself from costly but impossible efforts to comply and from enormous potential fines ($250,000 or more) or even imprisonment.

Keep the practice of medicine from being destroyed by forcing it into a rigid, irrational, inaccurate straitjacket of 200,000 government codes.
A Problem-Oriented Approach to the HIPAA Security Standards ”The best way to approach HIPAA's many security mandates is to break them down into manageable categories and tasks.”
What You Need to Know About HIPAA Now
”Taken together, the HIPAA standards will require major changes in how health care organizations handle all facets of information management, including reimbursement, coding, security, patient records and care management.” 

  Consumers can find FORMS TO USE NOW, to inform medical professionals, banks, home health agencies, public health agencies, health insurers and managed care providers, state health departments, and others NOT TO use, disclose, or sell your personal medical information.


  Links to Jaffee-Redmond home page:

Although the JAFFEE privilege has been likened by the Supreme Court to the attorney-client privilege, the JAFFEE privilege lacks the latter's many years of common law experience. The way in which the new privilege develops is of major importance to all psychotherapists and their patients. It is the goal of this WWW site to increase public awareness of the JAFFEE privilege and it's important implications for the confidentiality of psychotherapeutic relationships.  The tragedy is that the protection supposedly afforded to psychotherapy notes under HIPAA is so very very limited.  See The Contentious Matter of Psychotherapy Notes at this HIPAA Help site.

Articles and discussions regarding HIPAA

Continually updated list of HIPAA compliance articles, media:


The 11/02 issue of the American Journal of Psychiatry contains an overview by Paul Appelbaum, MD "Privacy in Psychiatric Treatment: Threats and Responses." AM J Psych 159:11, November 2002 pages 1809-1818. (You can view the entire article at  

In his words, the loss of consent "represents the most profound change in traditional practices wrought by the HIPAA regulations." Regarding this devastating effect of the amendments he also said, "Thus was lost the historic right of patients to control the dissemination of their medical records."

Appelbaum has … faith in our abilities to retain privacy protections at the state level. However, he does not recognize the tremendous pressure that the insurance industry … will now apply to every state in the US to eliminate stricter state medical privacy laws. Unfortunately, Paul did not realize the import of the new "federal regulatory permission" that the HIPAA amendments gave health insurers, which permit health plans to access everyone's entire medical records without notice and EVEN IF PATIENTS REFUSE CONSENT to release the information, for the purposes of "health plan operations." (comments by Deborah Peel, MD)


The American Psychiatric Organization and other groups have expressed strong concern that the final regulations do not provide adequate protection against the disclosure of patients' medical information. The APA response to the August 2002 changes can be found at


AMERICAN PSYCHIATRIC ASSOCIATION Documentation of Psychotherapy by Psychiatrists  This document provides a suggested format for documentation of psychotherapy notes pursuant to the new HIPAA regulations. 

AMERICAN PSYCHIATRIC ASSOCIATION Minimum Necessary Guidelines for Third-Party Payers for Psychiatric Treatment 

This is a position statement on the "minimum necessary" information required under the HIPAA Privacy Rule to process an insurance claim for psychiatric treatment.   Note the differences between these documents in their focus and intention and the "Records Insurance Companies Want" document . While not a HIPAA case, the suit of Daniel S. Shrager, MD, a member of the Pennsylvania Psychiatric Society practicing in Pittsburgh,  ... in his fight to preserve patient confidentiality and his credentialed status in the Magellan network. ...  the underlying issue of dispute is the extent to which a managed care organization has the right to view patient records, in particular for site reviews.  ...  every effort must be made to preserve the confidentiality of patient records and the patient’s right to provide truly informed consent. Magellan first decredentialed Dr. Shrager after he failed to set up a site visit, as requested, for Magellan to see patient records in order to review his record-keeping practices. He had asked Magellan to reconsider, citing the need for a signed, informed consent from the patient and the negative effect which loss of confidentiality has on patient care.


The Myth of Patient Confidentiality November 1999

(One) medical-privacy threat comes from a new data collection system being implemented by the federal Health Care Financing Administration (HCFA), which oversees the wide-ranging Medicare program. Called the Outcome and Assessment Information Set (OASIS)  

SUE BLEVINS: A threat to medical privacy …  (November 21, 1999 More than 8 million Americans may soon find federal health nannies pouring over their most private medical records …

HCFA (Health Care Financing Administration) Consumer Information site devoted to HIPAA, Mental Health Parity, etc.
 Welcome to HIPAA OnLine . This interactive tool, provided by the Federal Government, helps answer your questions about health coverage and your rights and protections under the Health Insurance Portability and Accountability Act (HIPAA).If you have questions on getting and continuing health coverage during events such as losing or changing jobs, pregnancy, moving, or divorce, you can get answers here.  Health Hippo: HIPAA Page

A lot of regulation has followed passage of the Health Insurance Portability and Accountability Act (HIPAA), which has been called …

Wired Health 85% of people in a recent poll felt that maintaining the confidentiality of medical records is absolutely essential or very important in national health care reform, according to one government-sponsored report. Yet 80% already feel they have little control over how their personal medical information is used …