Understanding HIPAA compliance can be challenging, especially when verifying privacy and security practices or reporting potential violations. Whether you're a healthcare provider, business associate, or patient, navigating the HIPAA Rules takes work.
As such, our comprehensive guide includes contact details, resources, and organizations to support HIPAA-related needs. Covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, can use this guide to stay informed and maintain patient data protection.
Primary contacts for HIPAA guidance
HHS Office for Civil Rights (OCR)
The OCR is the primary authority for enforcing HIPAA Privacy, Security, and Breach Notification Rules. It handles complaints, provides guidance, and offers educational tools.
The OCR maintains a HIPAA information website and an online complaint portal. Alternatively, you can phone 1-800-368-1019 (TDD: 1-800-537-7697) or email ocrmail@hhs.gov.
Additionally, the OCR encourages the public to stay informed by subscribing to its Privacy & Security Listservs, which share updates on FAQs, guidance, and technical tools.
Centers for Medicare and Medicaid Services (CMS)
CMS oversees HIPAA’s administrative simplification provisions, including electronic transactions and code sets. It also offers training and compliance guides for healthcare professionals.
Furthermore, healthcare professionals can call the CMS at 1-800-MEDICARE (1-800-633-4227).
State attorneys general offices
State attorneys general can enforce HIPAA within their jurisdictions. They address violations affecting state residents and provide additional resources for healthcare organizations and individuals. A directory of state attorneys general offices is available online.
Resources for HIPAA training and education
HealthIT.gov
HealthIT.gov offers guides, tools, and interactive learning materials for beginners and professionals. Providers can use its guide to the privacy and security of electronic health information, security training games, risk assessment checklists, and compliance guides.
Organizations supporting HIPAA standards
Technical and standards organizations
The following organizations provide technical guidance and implementation tools for entities dealing with electronic health records, billing, or claims:
- Health Level Seven (HL7)
- Accredited Standards Committee X12
- Workgroup for Electronic Data Interchange (WEDI)
Professional and trade associations
These associations support healthcare compliance professionals with education, networking, and policy advocacy:
- American Health Information Management Association (AHIMA)
- American Medical Informatics Association (AMIA)
- Healthcare Information and Management Systems Society (HIMSS)
Consumer advocacy and privacy protection
- The Health Privacy Project advocates for patient rights and privacy protections.
- The Electronic Privacy Information Center (EPIC) focuses on electronic data privacy, including healthcare data, and can be reached at 202-483-1140.
Additional HIPAA resources
Government sites
- National Committee on Vital and Health Statistics (NCVHS)
- General Accounting Office (GAO)
- National Uniform Billing Committee
Compliance support services
FAQs
What is HIPAA compliance?
HIPAA compliance refers to adhering to regulations outlined in the Health Insurance Portability and Accountability Act to safeguard patients’ protected health information (PHI).
How does HIPAA compliance impact patient trust?
When providers are HIPAA compliant, they demonstrate a commitment to safeguarding patient privacy and strengthen trust in the patient-provider relationship.
What should providers do to maintain HIPAA compliance?
Providers must implement administrative, physical, and technical safeguards (like using Paubox), conduct regular risk assessments, and provide staff training to maintain HIPAA compliance.