Table of Contents

CFR 45 PART 160 — GENERAL ADMINISTRATIVE REQUIREMENTS

CFR 45 PART 162 — ADMINISTRATIVE REQUIREMENTS

CFR 45 PART 164 — SECURITY AND PRIVACY

Questions about HIPAA Compliance in this post HITECH/Omnibus Final Rule world?
Get up to speed fast with the HIPAA Survival Guide Fourth Edition and
our Omnibus Rule Ready™ HIPAA Compliance Tools.

PART 160 — GENERAL ADMINISTRATIVE REQUIREMENTS

Subpart A — General Provisions

§ 160.101 Statutory basis and purpose

§ 160.102 Applicability

§ 160.103 Definitions

§ 160.104 Modifications

§ 160.105 Compliance dates for implementation of new or modified standards and implementation specifications

Subpart B — Preemption of State Law

§ 160.201 Statutory basis

§ 160.202 Definitions

§ 160.203 General rule and exceptions

§ 160.204 Process for requesting exception determinations

§ 160.205 Duration of effectiveness of exception determinations

Subpart C — Compliance and Enforcement

§ 160.300 Applicability

§ 160.302 [Removed and Reserved]

§ 160.304 Principles for achieving compliance

§ 160.306 Complaints to the Secretary

§ 160.308 Compliance reviews

§ 160.310 Responsibilities of covered entities

§ 160.312 Secretarial action regarding complaints and compliance reviews

§ 160.314 Investigational subpoenas and inquiries

§ 160.316 Refraining from intimidation or retaliation

Subpart D - Imposition of Civil Money Penalties

§ 160.400 Applicability

§ 160.401 Definitions

§ 160.402 Basis for a civil money penalty

§ 160.404 Amount of a civil money penalty

§ 160.406 Violations of an identical requirement or prohibition

§ 160.408 Factors considered in determining the amount of a civil money penalty

§ 160.410 Affirmative defenses

§ 160.412 Waiver

§ 160.414 Limitations

§ 160.416 Authority to settle

§ 160.418 Penalty not exclusive

§ 160.420 Notice of proposed determination

§ 160.422 Failure to request a hearing

§ 160.424 Collection of penalty

§ 160.426 Notification of the public and other agencies

Subpart E — Procedures for Hearings

§ 160.500 Applicability

§ 160.502 Definitions

§ 160.504 Hearing before an ALJ

§ 160.506 Rights of the parties

§ 160.508 Authority of the ALJ

§ 160.510 Ex parte contacts

§ 160.512 Prehearing conferences

§ 160.514 Authority to settle

§ 160.516 Discovery

§ 160.518 Exchange of witness lists, witness statements, and exhibits

§ 160.520 Subpoenas for attendance at hearing

§ 160.522 Fees

§ 160.524 Form, filing, and service of papers

§ 160.526 Computation of time

§ 160.528 Motions

§ 160.530 Sanctions

§ 160.532 Collateral estoppel

§ 160.534 The hearing

§ 160.536 Statistical sampling

§ 160.538 Witnesses

§ 160.540 Evidence

§ 160.542 The record

§ 160.544 Post hearing briefs

§ 160.546 ALJ's decision

§ 160.548 Appeal of the ALJ's decision

§ 160.550 Stay of the Secretary's decision

§ 160.552 Harmless error

PART 162 — ADMINISTRATIVE REQUIREMENTS

Subpart A — General Provisions

§ 162.100 Applicability

§ 162.103 Definitions

Subparts B and C — [Reserved]

Subpart D — Standard Unique Health Identifier for Health Care Providers

§ 162.402 Definitions

§ 162.404 Compliance dates of the implementation of the standard unique health identifier for health care providers

§ 162.406 Standard unique health identifier for health care providers

§ 162.408 National provider system

§ 162.410 Implementation specifications: Health care providers

§ 162.412 Implementation specifications: Health plans

§ 162.414 Implementation specifications: Health care clearinghouses

Subpart E — [Reserved]

Subpart F — Standard Unique Health Employer Identifier

§ 162.600 Compliance dates of the implementation of the standard unique employer identifier

§ 162.605 Standard unique employer identifier

§ 162.610 Implementation specifications for covered entities

Subparts G and H — [Reserved]

Subpart I — General Provisions for Transactions

§ 162.900 Compliance dates for transaction standards and code sets

§ 162.910 Maintenance of standards and adoption of modifications and new standards

§ 162.915 Trading partner agreements

§ 162.920 Availability of implementation specifications

§ 162.923 Requirements for covered entities

§ 162.925 Additional requirements for health plans

§ 162.930 Additional requirements for health care clearinghouses

§ 162.940 Exceptions from standards to permit testing of proposed modifications

Subpart J — Code Sets

§ 162.1000 General requirements

§ 162.1002 Medical data code sets

§ 162.1011 Valid code sets

Subpart K — Health Care Claims or Equivalent Encounter Information

§ 162.1101 Health care claims or equivalent encounter information transaction

§ 162.1102 Standards for health care claims or equivalent encounter information transaction

Subpart L — Eligibility for a Health Plan

§ 162.1201 Eligibility for a health plan transaction

§ 162.1202 Standards for eligibility for a health plan transaction

Subpart M — Referral Certification and Authorization

§ 162.1301 Referral certification and authorization transaction

§ 162.1302 Standards for referral certification and authorization transaction

Subpart N — Health Care Claim Status

§ 162.1401 Health care claim status transaction

§ 162.1402 Standards for health care claim status transaction

Subpart O — Enrollment and Disenrollment in a Health Plan

§ 162.1501 Enrollment and disenrollment in a health plan transaction

§ 162.1502 Standards for enrollment and disenrollment in a health plan transaction

Subpart P — Health Care Payment and Remittance Advice

§ 162.1601 Health care payment and remittance advice transaction

§ 162.1602 Standards for health care payment and remittance advice transaction

Subpart Q — Health Plan Premium Payments

§ 162.1701 Health plan premium payments transaction

§ 162.1702 Standards for health plan premium payments transaction

Subpart R — Coordination of Benefits

§ 162.1801 Coordination of benefits transaction

§ 162.1802 Standards for coordination of benefits information transaction

PART 164 — SECURITY AND PRIVACY

Subpart A — General Provisions

§ 164.102 Statutory basis

§ 164.103 Definitions

§ 164.104 Applicability

§ 164.105 Organizational Requirements

§ 164.106 Relationship to other parts

Subpart B — [Reserved]

Subpart C — Security Standards for the Protection of Electronic Protected Health Information

§ 164.302 Applicability

§ 164.304 Definitions

§ 164.306 Security standards: General rules

§ 164.308 Administrative safeguards

§ 164.310 Physical safeguards

§ 164.312 Technical safeguards

§ 164.314 Organizational requirements

§ 164.316 Policies and procedures and documentation requirements

§ 164.318 Compliance dates for initial implementation of security standards

Subpart D — Notification in the Case of Breach of Unsecured Protected Health Information

§ 164.400 Applicability.

§ 164.402 Definitions.

§ 164.404 Notification to individuals.

§ 164.406 Notification to the media.

§ 164.408 Notification to the Secretary.

§ 164.410 Notification by a business associate.

§ 164.412 Law enforcement delay.

§ 164.414 Administrative requirements and burden of proof.

Subpart E — Privacy of Individually Identifiable Health Information

§ 164.500 Applicability

§ 164.501 Definitions

§ 164.502 Uses and disclosures of protected health information: general rules

§ 164.504 Uses and disclosures: organizational requirements

§ 164.506 Uses and disclosures to carry out treatment, payment, or health care operations  

§ 164.508 Uses and disclosures for which an authorization is required

§ 164.510 Uses and disclosures requiring an opportunity for the individual to agree or to object

§ 164.512 Uses and disclosures for which an authorization or opportunity to agree or object is not required 58

§ 164.514 Other requirements relating to uses & disclosures of protected health information

§ 164.520 Notice of privacy practices for protected health information

§ 164.522 Rights to request privacy protection for protected health information

§ 164.524 Access of individuals to protected health information

§ 164.526 Amendment of protected health information

§ 164.528 Accounting of disclosures of protected health information

§ 164.530 Administrative requirements

§ 164.532 Transition provisions

§ 164.534 Compliance dates for initial implementation of the privacy standards

Full Table of Contents


Our HIPAA Compliance Tools are Omnibus Rule Ready™ and HITECH Act Ready™.

« Previous PageHIPAA Regulations Table of ContentsNext Page »