Table of Contents

45 CFR 160 — GENERAL ADMINISTRATIVE REQUIREMENTS

45 CFR 162 — ADMINISTRATIVE REQUIREMENTS

45 CFR 164 — SECURITY AND PRIVACY

Questions about HIPAA Compliance in this post HITECH/Omnibus Final Rule world?
Get up to speed fast with the HIPAA Survival Guide Fourth Edition
(Get the HSG 4th Ed. FREE when you sign up for our newsletter)
and our Omnibus Rule Ready™ HIPAA Compliance Tools.

PART 160 — GENERAL ADMINISTRATIVE REQUIREMENTS

Subpart A — General Provisions

§ 160.101 Statutory basis and purpose

§ 160.102 Applicability

§ 160.103 Definitions

§ 160.104 Modifications

§ 160.105 Compliance dates for implementation of new or modified standards and implementation specifications

Subpart B — Preemption of State Law

§ 160.201 Statutory basis

§ 160.202 Definitions

§ 160.203 General rule and exceptions

§ 160.204 Process for requesting exception determinations

§ 160.205 Duration of effectiveness of exception determinations

Subpart C — Compliance and Enforcement

§ 160.300 Applicability

§ 160.302 [Removed and Reserved]

§ 160.304 Principles for achieving compliance

§ 160.306 Complaints to the Secretary

§ 160.308 Compliance reviews

§ 160.310 Responsibilities of covered entities

§ 160.312 Secretarial action regarding complaints and compliance reviews

§ 160.314 Investigational subpoenas and inquiries

§ 160.316 Refraining from intimidation or retaliation

Subpart D - Imposition of Civil Money Penalties

§ 160.400 Applicability

§ 160.401 Definitions

§ 160.402 Basis for a civil money penalty

§ 160.404 Amount of a civil money penalty

§ 160.406 Violations of an identical requirement or prohibition

§ 160.408 Factors considered in determining the amount of a civil money penalty

§ 160.410 Affirmative defenses

§ 160.412 Waiver

§ 160.414 Limitations

§ 160.416 Authority to settle

§ 160.418 Penalty not exclusive

§ 160.420 Notice of proposed determination

§ 160.422 Failure to request a hearing

§ 160.424 Collection of penalty

§ 160.426 Notification of the public and other agencies

Subpart E — Procedures for Hearings

§ 160.500 Applicability

§ 160.502 Definitions

§ 160.504 Hearing before an ALJ

§ 160.506 Rights of the parties

§ 160.508 Authority of the ALJ

§ 160.510 Ex parte contacts

§ 160.512 Prehearing conferences

§ 160.514 Authority to settle

§ 160.516 Discovery

§ 160.518 Exchange of witness lists, witness statements, and exhibits

§ 160.520 Subpoenas for attendance at hearing

§ 160.522 Fees

§ 160.524 Form, filing, and service of papers

§ 160.526 Computation of time

§ 160.528 Motions

§ 160.530 Sanctions

§ 160.532 Collateral estoppel

§ 160.534 The hearing

§ 160.536 Statistical sampling

§ 160.538 Witnesses

§ 160.540 Evidence

§ 160.542 The record

§ 160.544 Post hearing briefs

§ 160.546 ALJ's decision

§ 160.548 Appeal of the ALJ's decision

§ 160.550 Stay of the Secretary's decision

§ 160.552 Harmless error

PART 162 — ADMINISTRATIVE REQUIREMENTS

Subpart A — General Provisions

§ 162.100 Applicability

§ 162.103 Definitions

Subparts B and C — [Reserved]

Subpart D — Standard Unique Health Identifier for Health Care Providers

§ 162.402 Definitions

§ 162.404 Compliance dates of the implementation of the standard unique health identifier for health care providers

§ 162.406 Standard unique health identifier for health care providers

§ 162.408 National provider system

§ 162.410 Implementation specifications: Health care providers

§ 162.412 Implementation specifications: Health plans

§ 162.414 Implementation specifications: Health care clearinghouses

Subpart E — [Reserved]

Subpart F — Standard Unique Health Employer Identifier

§ 162.600 Compliance dates of the implementation of the standard unique employer identifier

§ 162.605 Standard unique employer identifier

§ 162.610 Implementation specifications for covered entities

Subparts G and H — [Reserved]

Subpart I — General Provisions for Transactions

§ 162.900 Compliance dates for transaction standards and code sets

§ 162.910 Maintenance of standards and adoption of modifications and new standards

§ 162.915 Trading partner agreements

§ 162.920 Availability of implementation specifications

§ 162.923 Requirements for covered entities

§ 162.925 Additional requirements for health plans

§ 162.930 Additional requirements for health care clearinghouses

§ 162.940 Exceptions from standards to permit testing of proposed modifications

Subpart J — Code Sets

§ 162.1000 General requirements

§ 162.1002 Medical data code sets

§ 162.1011 Valid code sets

Subpart K — Health Care Claims or Equivalent Encounter Information

§ 162.1101 Health care claims or equivalent encounter information transaction

§ 162.1102 Standards for health care claims or equivalent encounter information transaction

Subpart L — Eligibility for a Health Plan

§ 162.1201 Eligibility for a health plan transaction

§ 162.1202 Standards for eligibility for a health plan transaction

Subpart M — Referral Certification and Authorization

§ 162.1301 Referral certification and authorization transaction

§ 162.1302 Standards for referral certification and authorization transaction

Subpart N — Health Care Claim Status

§ 162.1401 Health care claim status transaction

§ 162.1402 Standards for health care claim status transaction

Subpart O — Enrollment and Disenrollment in a Health Plan

§ 162.1501 Enrollment and disenrollment in a health plan transaction

§ 162.1502 Standards for enrollment and disenrollment in a health plan transaction

Subpart P — Health Care Payment and Remittance Advice

§ 162.1601 Health care payment and remittance advice transaction

§ 162.1602 Standards for health care payment and remittance advice transaction

Subpart Q — Health Plan Premium Payments

§ 162.1701 Health plan premium payments transaction

§ 162.1702 Standards for health plan premium payments transaction

Subpart R — Coordination of Benefits

§ 162.1801 Coordination of benefits transaction

§ 162.1802 Standards for coordination of benefits information transaction

PART 164 — SECURITY AND PRIVACY

Subpart A — General Provisions

§ 164.102 Statutory basis

§ 164.103 Definitions

§ 164.104 Applicability

§ 164.105 Organizational Requirements

§ 164.106 Relationship to other parts

Subpart B — [Reserved]

Subpart C — Security Standards for the Protection of Electronic Protected Health Information

§ 164.302 Applicability

§ 164.304 Definitions

§ 164.306 Security standards: General rules

§ 164.308 Administrative safeguards

§ 164.310 Physical safeguards

§ 164.312 Technical safeguards

§ 164.314 Organizational requirements

§ 164.316 Policies and procedures and documentation requirements

§ 164.318 Compliance dates for initial implementation of security standards

Subpart D — Notification in the Case of Breach of Unsecured Protected Health Information

§ 164.400 Applicability.

§ 164.402 Definitions.

§ 164.404 Notification to individuals.

§ 164.406 Notification to the media.

§ 164.408 Notification to the Secretary.

§ 164.410 Notification by a business associate.

§ 164.412 Law enforcement delay.

§ 164.414 Administrative requirements and burden of proof.

Subpart E — Privacy of Individually Identifiable Health Information

§ 164.500 Applicability

§ 164.501 Definitions

§ 164.502 Uses and disclosures of protected health information: general rules

§ 164.504 Uses and disclosures: organizational requirements

§ 164.506 Uses and disclosures to carry out treatment, payment, or health care operations  

§ 164.508 Uses and disclosures for which an authorization is required

§ 164.510 Uses and disclosures requiring an opportunity for the individual to agree or to object

§ 164.512 Uses and disclosures for which an authorization or opportunity to agree or object is not required 58

§ 164.514 Other requirements relating to uses & disclosures of protected health information

§ 164.520 Notice of privacy practices for protected health information

§ 164.522 Rights to request privacy protection for protected health information

§ 164.524 Access of individuals to protected health information

§ 164.526 Amendment of protected health information

§ 164.528 Accounting of disclosures of protected health information

§ 164.530 Administrative requirements

§ 164.532 Transition provisions

§ 164.534 Compliance dates for initial implementation of the privacy standards

Full Table of Contents


Make sure you are Omnibus Rule Compliant: HIPAA Privacy Checklist.

« Previous PageHIPAA Regulations Table of ContentsNext Page »