Table of Contents
CFR 45 PART 160 — GENERAL ADMINISTRATIVE REQUIREMENTS
CFR 45 PART 162 — ADMINISTRATIVE REQUIREMENTS
CFR 45 PART 164 — SECURITY AND PRIVACY
Questions about HIPAA Compliance in this post HITECH/Omnibus Final Rule world?
Get up to speed fast with the HIPAA Survival Guide Fourth Edition and
our Omnibus Rule Ready™ HIPAA Compliance Tools.
PART 160 — GENERAL ADMINISTRATIVE REQUIREMENTS
Subpart A — General Provisions
§ 160.101 Statutory basis and purpose
§ 160.102 Applicability
§ 160.103 Definitions
§ 160.104 Modifications
§ 160.105 Compliance dates for implementation of new or modified standards and implementation specifications
Subpart B — Preemption of State Law
§ 160.201 Statutory basis
§ 160.202 Definitions
§ 160.203 General rule and exceptions
§ 160.204 Process for requesting exception determinations
§ 160.205 Duration of effectiveness of exception determinations
Subpart C — Compliance and Enforcement
§ 160.300 Applicability
§ 160.302 [Removed and Reserved]
§ 160.304 Principles for achieving compliance
§ 160.306 Complaints to the Secretary
§ 160.308 Compliance reviews
§ 160.310 Responsibilities of covered entities
§ 160.312 Secretarial action regarding complaints and compliance reviews
§ 160.314 Investigational subpoenas and inquiries
§ 160.316 Refraining from intimidation or retaliation
Subpart D - Imposition of Civil Money Penalties
§ 160.400 Applicability
§ 160.401 Definitions
§ 160.402 Basis for a civil money penalty
§ 160.404 Amount of a civil money penalty
§ 160.406 Violations of an identical requirement or prohibition
§ 160.408 Factors considered in determining the amount of a civil money penalty
§ 160.410 Affirmative defenses
§ 160.412 Waiver
§ 160.414 Limitations
§ 160.416 Authority to settle
§ 160.418 Penalty not exclusive
§ 160.420 Notice of proposed determination
§ 160.422 Failure to request a hearing
§ 160.424 Collection of penalty
§ 160.426 Notification of the public and other agencies
Subpart E — Procedures for Hearings
§ 160.500 Applicability
§ 160.502 Definitions
§ 160.504 Hearing before an ALJ
§ 160.506 Rights of the parties
§ 160.508 Authority of the ALJ
§ 160.510 Ex parte contacts
§ 160.512 Prehearing conferences
§ 160.514 Authority to settle
§ 160.516 Discovery
§ 160.518 Exchange of witness lists, witness statements, and exhibits
§ 160.520 Subpoenas for attendance at hearing
§ 160.522 Fees
§ 160.524 Form, filing, and service of papers
§ 160.526 Computation of time
§ 160.528 Motions
§ 160.530 Sanctions
§ 160.532 Collateral estoppel
§ 160.534 The hearing
§ 160.536 Statistical sampling
§ 160.538 Witnesses
§ 160.540 Evidence
§ 160.542 The record
§ 160.544 Post hearing briefs
§ 160.546 ALJ's decision
§ 160.548 Appeal of the ALJ's decision
§ 160.550 Stay of the Secretary's decision
§ 160.552 Harmless error
PART 162 — ADMINISTRATIVE REQUIREMENTS
Subpart A — General Provisions
§ 162.100 Applicability
§ 162.103 Definitions
Subpart D — Standard Unique Health Identifier for Health Care Providers
§ 162.402 Definitions
§ 162.404 Compliance dates of the implementation of the standard unique health identifier for health care providers
§ 162.406 Standard unique health identifier for health care providers
§ 162.408 National provider system
§ 162.410 Implementation specifications: Health care providers
§ 162.412 Implementation specifications: Health plans
§ 162.414 Implementation specifications: Health care clearinghouses
Subpart F — Standard Unique Health Employer Identifier
§ 162.600 Compliance dates of the implementation of the standard unique employer identifier
§ 162.605 Standard unique employer identifier
§ 162.610 Implementation specifications for covered entities
Subpart I — General Provisions for Transactions
§ 162.900 Compliance dates for transaction standards and code sets
§ 162.910 Maintenance of standards and adoption of modifications and new standards
§ 162.915 Trading partner agreements
§ 162.920 Availability of implementation specifications
§ 162.923 Requirements for covered entities
§ 162.925 Additional requirements for health plans
§ 162.930 Additional requirements for health care clearinghouses
§ 162.940 Exceptions from standards to permit testing of proposed modifications
§ 162.1000 General requirements
§ 162.1002 Medical data code sets
§ 162.1011 Valid code sets
Subpart K — Health Care Claims or Equivalent Encounter Information
§ 162.1101 Health care claims or equivalent encounter information transaction
§ 162.1102 Standards for health care claims or equivalent encounter information transaction
Subpart L — Eligibility for a Health Plan
§ 162.1201 Eligibility for a health plan transaction
§ 162.1202 Standards for eligibility for a health plan transaction
Subpart M — Referral Certification and Authorization
§ 162.1301 Referral certification and authorization transaction
§ 162.1302 Standards for referral certification and authorization transaction
Subpart N — Health Care Claim Status
§ 162.1401 Health care claim status transaction
§ 162.1402 Standards for health care claim status transaction
Subpart O — Enrollment and Disenrollment in a Health Plan
§ 162.1501 Enrollment and disenrollment in a health plan transaction
§ 162.1502 Standards for enrollment and disenrollment in a health plan transaction
Subpart P — Health Care Payment and Remittance Advice
§ 162.1601 Health care payment and remittance advice transaction
§ 162.1602 Standards for health care payment and remittance advice transaction
Subpart Q — Health Plan Premium Payments
§ 162.1701 Health plan premium payments transaction
§ 162.1702 Standards for health plan premium payments transaction
Subpart R — Coordination of Benefits
§ 162.1801 Coordination of benefits transaction
§ 162.1802 Standards for coordination of benefits information transaction
PART 164 — SECURITY AND PRIVACY
Subpart A — General Provisions
§ 164.102 Statutory basis
§ 164.103 Definitions
§ 164.104 Applicability
§ 164.105 Organizational Requirements
§ 164.106 Relationship to other parts
Subpart C — Security Standards for the Protection of Electronic Protected Health Information
§ 164.302 Applicability
§ 164.304 Definitions
§ 164.306 Security standards: General rules
§ 164.308 Administrative safeguards
§ 164.310 Physical safeguards
§ 164.312 Technical safeguards
§ 164.314 Organizational requirements
§ 164.316 Policies and procedures and documentation requirements
§ 164.318 Compliance dates for initial implementation of security standards
Subpart D — Notification in the Case of Breach of Unsecured Protected Health Information
§ 164.400 Applicability.
§ 164.402 Definitions.
§ 164.404 Notification to individuals.
§ 164.406 Notification to the media.
§ 164.408 Notification to the Secretary.
§ 164.410 Notification by a business associate.
§ 164.412 Law enforcement delay.
§ 164.414 Administrative requirements and burden of proof.
Subpart E — Privacy of Individually Identifiable Health Information
§ 164.500 Applicability
§ 164.501 Definitions
§ 164.502 Uses and disclosures of protected health information: general rules
§ 164.504 Uses and disclosures: organizational requirements
§ 164.506 Uses and disclosures to carry out treatment, payment, or health care operations
§ 164.508 Uses and disclosures for which an authorization is required
§ 164.510 Uses and disclosures requiring an opportunity for the individual to agree or to object
§ 164.512 Uses and disclosures for which an authorization or opportunity to agree or object is not required 58
§ 164.514 Other requirements relating to uses & disclosures of protected health information
§ 164.520 Notice of privacy practices for protected health information
§ 164.522 Rights to request privacy protection for protected health information
§ 164.524 Access of individuals to protected health information
§ 164.526 Amendment of protected health information
§ 164.528 Accounting of disclosures of protected health information
§ 164.530 Administrative requirements
§ 164.532 Transition provisions
§ 164.534 Compliance dates for initial implementation of the privacy standards
Make sure you are Omnibus Rule Compliant: HIPAA Privacy Checklist.