Become a Member

HIT Resources

The following Web sites are organized into two main categories: Health Insurance Portability and Accountability Act (HIPAA) HIPAA sites include resources on health data standards relevant to public health and health services researchers that are mandated under the Administrative Simplification provisions of HIPAA of 1996; and HIPAA plus sites include resources on health data standards relevant to public health and health services researchers not currently mandated by HIPAA and about which HIPAA calls for more information.

HIPAA Sites

HIPAA Plus Sites

HIPAA Sites

HIPAA sites are organized by general information about HIPAA and resources describing privacy, security and electronic data interchange (EDI) standards (e.g., administrative data transactions and code sets), necessary under HIPAA to develop an electronic system for information transactions related to the provision of health services. Links to examples of guidances for HIPAA implementation are also provided.

HIPAA General Information
    CMS Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification Site -- Entry point for all HIPAA related information maintained by CMS, covering electronic transactions, security, national identifiers, and enforcement. The site also provides a variety of educational materials to assist in assessing, planning, and implementing the HIPAA requirements.
  • Administrative Simplification Under HIPAA: National Standards for Transactions, Security, and Privacy Fact Sheet -- Includes facts on covered entities, compliance schedules, electronic transaction standards, privacy standards, security standards, national employer identifier, national provider identifier, and personal identifier (on hold).
  • Public Law 104-191, AUG. 21, 1996 -- Health Insurance Portability and Accountability Act of 1996.
  • Health Resources and Services Administration (HRSA) -- envisions optimal health for all, supported by a health care system that assures access to comprehensive, culturally competent, quality care. HRSA provides national leadership, program resources and services needed to improve access to culturally competent, quality health care. As the Nation’s Access Agency, HRSA focuses on uninsured, underserved, and special needs populations in its goals and program activities. The HRSA HIPAA web site includes information on HIPAA Privacy Regulations, Insurance Protections, Administrative Simplification, HRSA HIPAA Tools and additional topical links.
  • HIPAA definitions and concepts -- Reproduced from the original text of the Health Insurance Portability and Accountability Act. Includes Health Care Clearinghouse, Health Care Provider, Health Information, Health Plan, Individually Identifiable Health Information, and Transactions.
  • How to implement Kassebaum-Kennedy -- A State Legislators' Guide to the Health Insurance Portability and Accountability Act of 1996 by Conrad F. Meier. A primer written in 1997 that helps public health officials understand some of the concerns of their legislators.
  • NCVHS home page -- NCVHS serves as the statutory public advisory body to the Secretary of Health and Human Services in the area of health data and statistics. In that capacity the Committee provides advice and assistance to the Department and serves as a forum for interaction with interested private sector groups on a variety of key health data issues.
  • National Health Information Infrastructure (NHII) -- The National Health Information Infrastructure is a set of technologies, standards, applications, systems, values, and laws that support all facets of individual health, health care, and public health. The Web site, created by NCVHS, includes resources for code sets, electronic health records, National Information Infrastructure, National Health Information Infrastructure, privacy and confidentiality, standards development, and telemedicine.
  • Health Website Search Module at NAHDO (A Project Funded by the Society of Actuaries) -- This site provides suggestions to additional links about HIPAA. The search module provides a list of annotated sites, grouped by category which can be searched.
  • Washington State Department of Social and Health Services - HIPAA -- This site provides suggestions to additional links about HIPAA.
  • Substance Abuse and Mental Health Services Administration - HIPAA -- This site provides information from the Substance Abuse and Mental Health Services Administration regarding the impact of HIPAA on mental health and substance abuse services.
  • Workgroup for Electronic Data Interchange/Strategic National Implementation Process (WEDI/SNIP) -- This Web site provides suggestions for additional links to sites about HIPAA implementation. WEDI/SNIP is a collaborative health care industry-wide process resulting in the implementation of standards and furthering the development and implementation of future standards. Specifically, the WEDI HIPAA SNIP Task Group has been established to meet the immediate need to assess industry-wide HIPAA Administrative Simplification implementation readiness and to bring about the national coordination necessary for successful compliance. This site also provides WEDI-Strategic National Implementation Process (SNIP) papers on security and Privacy of health information.
Privacy

The privacy standard spells out permissible uses of patient identifiable health care information in paper or electronic form.

    Summary of the HIPAA Privacy Rule -- The US Department of Health and Human Services issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996. The Standards for privacy of individually identifiable health information (Privacy Rule) establishes a set of national standards for the protection of certain health information.
  • The full final Privacy rule and other related privacy documents.
  • First guidance on the final Privacy Rule from the Office on Civil Rights, Department of Health and Human Services (DHHS) -- Standards for Privacy of Individually Identifiable Health Information including information on disease reporting and justification for public health authorities obtaining data (7/6/2001).
  • Frequently Asked Questions about HIPAA Privacy -- This document contains responses to Frequently Asked Questions (FAQs) from the Office of Civil Rights to questions and comments received at their Web site about the HIPAA Privacy Rule. FAQs include the following: If I believe that my privacy rights have been violated, when can I submit a complaint? Does the Privacy Rule protect genetic information? Are state, county or local health departments required to comply with the Privacy Rule? Are the following types of insurance covered under HIPAA: long/short term disability; workers compensation; automobile liability that includes coverage for medical payments? Is an entity that is acting as a third party administrator to a group health plan a covered entity? Is the Privacy Rule compliance date delayed by the Administrative Simplification Compliance Act (ASCA) that was enacted in December 2001?

    Also see the ongoing HIPAA Privacy FAQ site.

  • Department of Health and Human Services (DHHS) Fact Sheet: Protecting the Privacy of Patients' Health Information -- This fact sheet provides an overview of the Privacy Rule and includes specific information from the Privacy Rule on the following: compliance schedule, covered entities, consumer control of information, security of personal health information, accountability for the use and release of medical records, balance of public responsibility and privacy protections, cost of implementation and preservation of existing, strong state privacy laws.
  • Plain Language Principles and Thesaurus for Making HIPAA Privacy Notices More Readable guide to creating privacy notices that do not require a high literacy level. Describes principles for writing plain English, clear layout and presentation. Suggests easily understandable words and phrases.
  • Protecting Health Information Privacy and Complying with Federal Regulations - A Resource Guide for HIV Services Providers and the Health Resources and Services Administration’s HIV/AIDS Bureau Staff.
  • Georgetown Health Privacy Project -- The Health Privacy Project provides a broad array of health care stakeholders with the information and tools to work more effectively toward greater protection of health information through cutting-edge research studies, policy analyses, Congressional testimony, extensive work with the media, and a Web site. Also see its Georgetown Health Privacy Project links page.
  • Georgetown University Center on Medical Record Rights and Privacy -- conducts research on key issues in health policy and health services research. The Center is dedicated to raising public awareness of the rights and responsibilities associated with medical records and other health information. Information available on this site includes a series of state-specific guides for health care consumers that covers their health information privacy and rights regarding that information. The site also includes privacy publications, presentations, and state-specific privacy information and laws.
  • Department of Health and Human Services (DHHS)/Office of Civil Rights -- The Office for Civil Rights (OCR) is the departmental component of the Department of Health and Human Services responsible for implementing and enforcing the privacy regulation. This Web site provides background information, general information and technical assistance on national standards to protect the privacy of personal health information. There is also a frequently asked questions page about the Privacy Rule which is updated regularly.
  • National Institutes of Health - Privacy Rule and Research -- This website provides information on the Privacy Rule for the research community. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is the first comprehensive Federal protection for the privacy of personal health information. Research organizations and researchers may or may not be covered by the HIPAA Privacy Rule.
  • National Institutes of Health – Privacy Rule and Research Fact Sheet -- This fact sheet discusses the Privacy Rule and how it permits certain health care providers, health plans, and other entities covered by the Privacy Rule to use and disclose personal health information for health services research. The guidance it provides expands on the interpretation of how the Privacy Rule permits HIPAA covered entities to disclose protected health information for research, and for public health purposes. Agency for Healthcare Research and Quality (AHRQ) helped fund and was involved in the development of the document.
  • Health Services Research and the HIPAA Privacy Rule -- This fact sheet discusses the Privacy Rule and how it permits certain health care providers, health plans, and other entities covered by the Privacy Rule to use and disclose personal health information for health services research.
  • Protecting Health Information Privacy and Complying with Federal Regulations: A Resource Guide for HIV Services Providers and the Health Resources and Services Administration’s HIV/AIDS Bureau Staff -- This document provides information to help HIV/AIDS providers and Ryan White Comprehensive AIDS Resources Emergency (CARE) Act grantees to comply with the Privacy Rule. This guide has attempted to highlight provisions of the Privacy Rule that are especially relevant to CARE Act grantees.
  • Fact Sheet on Medical Records not covered by HIPAA -- A great deal of medical information exists outside of health care facilities and thus is beyond the reach of HIPAA. This fact sheet provides information on medical records not covered by the HIPAA Privacy Rule.
  • American Health Information Management Association (AHIMA) -- Survey results on the state of HIPAA privacy and security compliance, April 2005–AHIMA conducted a survey in April, 2004, to gain an understanding of where healthcare organizations stood with regard to implementing the privacy and security rules of HIPAA. AHIMA has again surveyed health care privacy officers, whose jobs relate to the HIPAA privacy function, looking at compliance with privacy and well as security. This web site shows the survey results. AHIMA hopes the results of the survey will reinforce the importance of protecting the privacy, confidentiality and security of personal health information.
  • DHHS/OCR form for filing a privacy complaint -- The following form is available from the Department of Health and Human Services for filing a privacy complaint.
  • Legal Action Center -- The Legal Action Center is the only non-profit law and policy organization in the United States whose sole mission is to fight discrimination against people with histories of addiction, HIV/AIDS, or criminal records, and to advocate for sound public policies in these areas. This site contains materials on privacy and confidentiality for these highly sensitive conditions and situations. Most are available for purchase only, but are some of the few items available to explore privacy and the relationships between HIPAA and other federal laws such as 42 CFR pt. 2 and FERPA, and common provisions of state laws on HIV/AIDS. There are also some free sample forms for consent, patient notices, and court orders, as well as sample letters for responding to subpoenas.
  • HIPAA Privacy Rule and Public Health -- Balancing the protection of individual health information with the need to protect public health, the Privacy Rule expressly permits disclosures without individual authorization to public health authorities authorized by law to collect or receive the information for the purpose of, but not limited to public health surveillance, investigation, and intervention. Public health practice often requires the acquisition, use, and exchange of PHI to perform public health activities. Public health authorities have a long history of respecting the confidentiality of PHI, and the majority of states as well as the federal government have laws that govern the use of, and serve to protect, identifiable information collected by public health authorities. The purpose of this report is to help public health agencies and others understand and interpret their responsibilities under the Privacy Rule.
  • The National Committee for Vital and Health Statistics (NCVHS) Subcommittee on Privacy and Confidentiality -- This site tracks major developments in health information privacy and confidentiality, identifies issues and opportunities, makes recommendations to the full Committee and assists the Department on implementation of the health information privacy provisions of HIPAA. The site has the Committee’s recommendations and letters to the Secretary about the Rule based on findings from committee meetings and public testimony. Past and current meetings can be listened to over the web, and minutes are published of public testimony and discussion.
  • HIPAA GIVES (Government Information Value Exchange for States) -- This organization provides an avenue for government entities to share information, documents, and ideas about the various HIPAA requirements. To access the site, you must register and be working for a government entity. The site is ordered by document type rather than topic.
  • The National Association of Health Data Organizations (NAHDO) -- This organization is a national not-for-profit membership organization dedicated to improving health care through the collection, analysis, dissemination, public availability, and use of health data. NAHDO is heavily involved in data standards and data privacy efforts. Current news and discussion groups are available, and sessions from its annual meetings, including a data dissemination workshop on release of health information under HIPAA, are also accessible.
  • The International Association of Privacy Professionals (IAPP) -- This organization is the union of the Privacy Officers Association (POA) and the Association of Corporate Privacy Officers (ACPO). IAPP is the nation’s leading association for privacy and security professionals. It helps its members build and maintain privacy programs while effectively navigating the rapidly changing regulatory and legal environments. You must be a member to fully tap the sites resources, but it does have an extensive list of privacy links, not limited to health care, including links to privacy certification organizations and free privacy policy generators.
  • Electronic Privacy Information Center (EPIC) -- The Center is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. The site contains a number of documents and links to medical, HIPAA, and other privacy topics.
  • Order HIPAA privacy posters online
  • The North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) -- This organization is a nonprofit consortium of over 240 organizations dedicated to improving healthcare by accelerating the adoption of information technology. NCHICA has been the most active state organization in working on HIPAA and advocating for states. The site has sample documents, some reviewed by NCHICA members, presentations, and links to white papers and reports as well as websites.
  • The Association of State and Territorial Health Officials (ASTHO) -- This national nonprofit organization represents the state and territorial public health agencies of the United States, the U.S. Territories, and the District of Columbia. The site includes information on HIPAA, privacy and public health activities, including some free publications.
  • Substance Abuse and Mental Health Services Administration (SAMHSA): -- This site is contains information on all aspects of HIPAA, particularly as related to substance abuse and mental health. The site contains sessions and materials from HIPAA conferences, a searchable database of reviews of HIPAA compliance tools, behavioral healthcare procedure codes, and guidance on the relationship between HIPAA and the federal substance abuse privacy law, 42 CFR pt. 2.
  • The Health Care Compliance Association: -- This association champions ethical practice and compliance standards and provides necessary resources for ethics and compliance professionals and others who share these principles. By searching on HIPAA, the site will take you to documents and tools, including an assessment tool and survey results.
Security

The security standard provides uniform protection of electronically maintained and transmitted health information.

    HIPAA Security Standards -- This site contains the final security rule which specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information.
  • Centers for Medicare & Medicaid Services (CMS) HIPAA Security Educational Materials -- Contains an educational paper series (including some in Spanish). Current papers cover basic security and physical safeguards.
  • Healthcare Information Management and Systems Society (HIMSS) -- HIMSS is a healthcare industry membership organization exclusively focused on providing leadership for the optimal use of healthcare information technology and management systems for the betterment of human health. HIMSS frames and leads healthcare public policy and industry practices through its advocacy, educational, and professional development initiatives designed to promote information and management systems’ contributions to ensuring quality patient care. The website also contains sections on HIPAA and on privacy and security.
  • National Institute of Standards and Technology (NIST) -- The NIST site provides for the sharing of information security tools and practices, providing one-stop shopping for information security standards and guidelines, and identifying and linking key security web resources to support the industry. NIST provides a series of publications and publication drafts on general and HIPAA specific security topics. These publications represent the results of NIST studies, investigations, and research on information technology security issues. The NIST guidelines are referenced in the Security Rule as guidance.
  • SANS Institute -- The SANS (SysAdmin, Audit, Network, Security) Institute is the largest source for information security training and certification in the world. It develops, and makes available at no cost, the largest collection of research documents about various aspects of information security. Many SANS resources are free. The site contains lists of information security trainings and certification programs, security awareness training, an information security reading room with research documents, an information security glossary, and security policy templates.
State HIPAA Privacy and Security

Sites in bold provide the most comprehensive and largest quantity of information.

    Alabama Medicaid Agency -- This site contains information on all HIPAA topics, including privacy and security.
  • Alaska Health and Social Services, Office of the Commissioner -- This site contains information on all HIPAA topics, including privacy and security, and includes a state preemption analysis.
  • Arizona Health Care Cost Containment System -- This site is primarily for state provider partners, and includes some privacy information and a state preemption analysis.
  • California Healthcare Foundation (CHCF) -- CHCF surveys consumer attitudes, monitors industry practice, and provides information and education about health privacy policy and regulation, both for the state and nationally.
  • California Office of HIPAA Implementation -- The site contains a great deal of information related to HIPAA privacy, such as, laws, regulations, policy memos, FAQs, as well as samples of templates and forms.
  • Hawaii Health Information Corporation -- The Corporation is a membership organization that provides information on all HIPAA topics; some resources and tools are publicly available.
  • Illinois Department of Human Services -- This site contains HIPAA forms for various programs and services in the department.
  • Iowa Strategic National Implementation Process -- This is a comprehensive site for all HIPAA topics; it contains a series of deliverables on both privacy and security.
  • Kansas: HIPAA Readiness for Kansas (HARK) -- HARK is a collaborative effort to inform, educate, and share tools and best practices for the HIPAA readiness. This site covers all HIPAA topics, and contains presentations, analysis tools, and a privacy compliance manual.
  • Kentucky: HIPAA Action Workgroup of Kentucky (HAAWK) -- HAWK coordinates a state-wide workgroup for collaboration on and adopting model industry best practices while pursuing HIPAA compliance. The site contains tools and resources on all areas of HIPAA, with emphasis on privacy materials.
  • Maryland Health Care Commission -- This site contains information on all HIPAA topics, including privacy and security, including a security assessment tool and a preemption analysis with the state health information confidentiality law.
  • Massachusetts Department of Public Health HIPAA Privacy and Security -- This site focuses primarily on the Massachusetts Department of Public Health’s own compliance obligations under HIPAA as well as provides information to assure covered entities and the public of the Department's ability to continue to perform its public health and oversight functions.
  • Minnesota Department of Human Services -- This site contains mostly HIPAA information for provider partners, including information and tools for privacy and security.
  • New Mexico Coalition for Healthcare Information Leadership Initiatives (CHILI) -- New Mexico CHILI is a non-profit collaborative with the goal of reducing costs and simplifying communications in the health care industry. The site includes various HIPAA resources, a document library, and a desk reference document.
  • New York Department of Health -- This site contains mostly HIPAA information for provider partners, including a series of Notices of Privacy Practices for various state programs and a state preemption analysis.
  • North Carolina DHHS Security and Privacy -- This is a comprehensive site that contains manuals, policies and other documents relating to security and privacy.
  • HIPAA Ohio -- The State of Ohio’s HIPAA website is part of a cooperative project involving all of the state’s effected agencies and is intended to provide necessary information for those interested in HIPAA implementation from the governmental perspective. Managed by the Ohio Department of Job and Family Services, the Ohio HIPAA website provides links to summaries, decision tools, guides, presentations, sample forms and links to the Code of Federal Regulations as well as other HIPAA related sites.
  • South Carolina HIPAA Office -- This site contains information on all HIPAA topics, including privacy and security, and includes a number of tools and documents.
  • West Virginia Department of Health and Human Resources -- This site is for the state collaborative efforts and contain resources and training materials.
  • Washington Department of Health and Human Services -- This site primarily provides the practical tools for submission of HIPAA claims. There are links to vendor information and companion guides.
  • Wisconsin HIPAA Collaborative (HIPAA-COW) -- HIPAA-COW was established to assist all affected parties in achieving HIPAA compliance. The site has comprehensive coverage of all HIPAA topics and includes preemption analysis, tools and documents.
Administrative Data

Electronic data interchange (EDI) standards aim to simplify the administrative burden of health care and save money. The next three sections describe and link to Web sites with resources on administrative data, transactions and code sets.

    The Healthcare Cost and Utilization Project (HCUP) -- Is a family of administrative, longitudinal databases, Web-based products and software tools developed and maintained by the Agency for Healthcare Research and Quality (AHRQ) as part of a federal-state-industry partnership to build a standardized, multi-state health data system. This page includes links to tools, software, and data descriptions.
  • The DHHS Data Council -- Coordinates all health and non-health data collection and analysis activities of DHHS, including an integrated data collection strategy, coordination of health data standards, and health information and privacy policy activities. The Secretary has placed the Data Council in charge of the implementation of the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996.
  • Statement on Administrative Simplification by Bob Davis, New York State Department of Health -- Bob Davis manages New York’s Statewide Planning and Research Cooperative Systems, the state’s hospital discharge database.
  • DHHS Health Informatics Initiative -- DHHS has proposed a $20 million initiative in the FY 2001 budget concerning "Health Informatics: Improving Information for Decision Making." The ultimate goal of this initiative is to improve patient care and health outcomes through the efficient and effective use of data. The initiative will strengthen the information base for decision making and action in health through critical new crosscutting investment in health informatics approaches and applications.
  • About the National Committee on Vital and Health Statistics (NCVHS) and its work on functional status -- Functional status information cuts across NCVHS’s responsibility to advise DHHS on administrative and clinical data standards and population health.
Transactions
    Frequently asked questions on Transactions -- These questions and answers were prepared by the Office of the Assistant Secretary for Planning and Evaluation at the Department of Health and Human Services.
  • Frequently asked questions on Transactions (submitted by the public) -- These questions were submitted by the public to the Office of the Assistant Secretary of Planning and Evaluation at the Department of Health and Human Services. Answers to the questions are grouped by topic as well as chronologically, by the date posted to the website.
  • Association for Electronic Health Care Transactions (AFEHCT) -- AFEHCT is a an organization that promotes the interchange of electronic healthcare information in an open and secure environment. It supports the use of EDI to improve and reduce the cost of health care. The Web site has a section called "Washington Wire," a regularly published report by AFEHCT, that provides news regarding HIPAA issues and legislation.
  • Designated Standard Maintenance Organizations -- The Designated Standards Maintenance Organizations (DSMO) are the specific Data Content Committees (DCC) and Standards Development Organizations (SDOs) that have agreed to maintain those standards designated as national standards in the HIPAA Administrative Simplification standards for electronic transactions final rule including: Accredited Standards Committee X12 (X12); Dental Content Committee; Health Level Seven (HL-7); National Council for Prescription Drug Programs; National Uniform Billing Committee (NUBC); and National Uniform Claim Committee (NUCC). This Web site provides a database of frequently asked questions concerning HIPAA Transaction Standards.
  • Accredited Standard Committee X12 (ASC X12) home page -- ASC develops standards to facilitate electronic interchange related to business transactions such as order placement and processing, shipping and receiving information, invoicing, and payment and cash application data, and data to and from entities involved in finance, insurance, education, and state and federal governments. ASC X12 produces EDI standards. ASC X12N is the subcommittee responsible for EDI standards for the insurance industry.
  • Health Level Seven (HL-7) home page -- HL-7 provides standards for the exchange, management, and integration of data that support clinical patient care and the management, delivery, and evaluation of health care services. HL-7 is primarily concerned with movement within institutions or orders; clinical observations and data; including test results, admission, transfer and discharge records, and charge and billing information. HL-7 represents the most widely used standard for clinical content and patient care.
  • National Uniform Billing Committee (NUBC) -- The Secretary of the Department of Health and Human Services designated the NUBC as a Designated Standard Maintenance Organizations (DSMO). NUBC was formed to develop a single billing form and standard data set that could be used nationwide by institutional providers and payors for handling health care claims. NUBC has agreed to maintain the standards adopted by the Secretary under Administrative Simplification. One of the NUBC's major roles is to maintain the integrity of the UB-92 data set. In addition, NUBC serves as the forum for discussions that lead to mutually agreed data elements for the claim as well as the data elements for other claim related transactions.
  • DSMO Web site -- Demonstration of the Designated Standards Maintenance Organization Web site and progress reporting for the DSMO HIPAA change process.
  • Health Care EDI Transactions -- This business primer provides a general overview of how electronic data interchange (EDI) standards can be used by healthcare organizations. The report gives a brief introduction about the development of ASC X12 standards for electronic data interchange (EDI), describes the purpose of ASC X12 transaction sets, and provides examples of how these transactions can be used by healthcare providers, payer, and plan sponsors.
Code Sets
    Frequently asked questions on Code sets -- These questions were prepared by the Office of the Assistant Secretary for Planning and Evaluation and include a definition of code sets, listing of code sets that have been adopted as HIPAA standards, discussion of whether Health Care Procedure Coding System (HCPCS) Level 3 codes established on a local basis can still be used, and guidance to where one can obtain more information about code sets.
  • Health Care Procedure Coding System (HCPCS) -- Each year, in the United States, health care insurers process over five billion claims for payment. For Medicare and other health insurance programs to ensure that these claims are processed in an orderly and consistent manner, standardized coding systems are essential. HCPCS was developed for this purpose. HCPCS is divided into three principal subsystems, referred to as Level I, Level II, and Level III of the HCPCS.
  • List of provider taxonomy codes in HTML and PDF format.
  • Health Care Provider Taxonomy List -- The National Uniform Claim Committee (NUCC) is presently (as of 2001) maintaining the Health Care Provider Taxonomy List, which is used in the transactions specified in the Health Insurance Portability and Accountability Act (HIPAA).
  • Guide to Transactions and Code Sets -- Part of Phoenix Health System's HIPAAdvisory.com.
  • The National Center for Health Statistics (NCHS) site for Classification of Diseases and Functioning and Disability -- This site includes, but is not limited to the following: Mortality International Classification of Diseases, Ninth Revision (ICD-9); Morbidity International Classification of Diseases, Ninth Revision, Clinical Modification (ICD-9-CM); International Classification of Diseases, Tenth Revision (ICD-10); International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM); and Functioning and Disability International Classification of Functioning, Disability and Health (ICF).
  • National Council for Prescription Drug Programs (NCPDP) home page -- NCPDP is a Standards Development Organization whose mission is to create and promote data interchange standards for the pharmacy services sector of the health care industry, and to provide information and resources to educate industry and support the diverse needs of their members. The HIPAA final standards for electronic health care transactions, and for code sets, adopts the NCPDP Telecommunication Standard Format, Version 5.1 and the NCPDP Batch Standard, Version 1 Release 0 for pharmacy claims. Health plans, health care clearinghouses and health care providers who utilize electronic transactions will be required to use these standards.
  • American Health Information Management Association home page -– The Web site includes information on privacy issues training, coding training, planning and practice models, guidance on current issues, practices and professional conduct, and more.
HIPAA Implementation
    ANSI ASC X12N HIPAA Implementation Guides -- Download to use the HIPAA implementation guidances with free registration.
  • NCPDP SNIP Liaison Special Committee Recommendations -- These recommendations are for the implementation of Telecommunication Standard Version 5.1.
  • HIPAA GIVES -- This Web site provides suggestions for additional links to sites about HIPAA implementation. Government Information Value Exchange for States (GIVES) is a forum for state government agencies to discuss issues related to HIPAA compliance and to exchange deliverables, templates and information from their HIPAA initiatives. HIPAA GIVES has been established to meet the immediate need to exchange information, identify common government challenges and share solutions to attain HIPAA compliance. It hopes to minimize the duplication of efforts by individual states.
  • National Governors' Association Center for Best Practices -- The NGA Center for Best Practices’ mission is to develop and implement innovative solutions to public policy challenges. Searching under HIPAA brings up a list of policy papers summarizing all aspects of HIPAA and identifying implementation issues and challenges.
  • Workgroup for Electronic Data Interchange/Strategic National Implementation Process (WEDI/SNIP) -- This Web site provides suggestions for additional links to sites about HIPAA implementation. WEDI/SNIP is a collaborative health care industry-wide process resulting in the implementation of standards and furthering the development and implementation of future standards. Specifically, the WEDI HIPAA SNIP Task Group has been established to meet the immediate need to assess industry-wide HIPAA Administrative Simplification implementation readiness and to bring about the national coordination necessary for successful compliance. This site also provides WEDI-Strategic National Implementation Process (SNIP) papers on security and Privacy of health information.

HIPAA Plus Sites

HIPAA Plus sites are organized by general information about health data standards and resources describing National Electronic Disease Surveillance System (NEDSS), clinical and laboratory standards.

Health Data Standards General Information
    The American Health Information Management Association -- This organization consists of professionals engaged in health information management. The site offers very practical and usable information, mostly in the form of practice briefs with significant emphasis on privacy and security for persons working with medical, case and client records.
  • Information for Health: A Strategy for Building the National Health Information Infrastructure -- The Final Report (November 2001) by the National Committee on Vital and Health Statistics (NCVHS), includes an orientation to the National Health Information Infrastructure (NHII), a description of opportunities to improve health and health care, justification for standards, barriers to sharing data, and information on quality standards for online data.
  • Public Health Conceptual Data Model (PHCDM) -- The PHCDM documents information needs in public health, providing a framework for organizing data standards and guidelines and facilitating data comparability and exchange with other systems.
  • NAHDO Summary of Institutional Recommendations -- Prioritization of data needs for State encounter data sets for public health and research applications.
  • National Committee on Vital and Health Statistics (NCVHS) home page -- The Public Advisory Body to the Secretary of Health and Human Services. Includes a description of NCVHS, minutes, and live recordings of meetings. This homepage is also cited under "HIPAA General Information."
  • ISO (International Organization for Standardization) -- A network of national standards institutes from 140 countries working in partnership with international organizations, governments, industry, business, and consumer representatives; a bridge between public and private sectors.
Clinical Standards

Though clinical and laboratory data standards are not mandated by HIPAA, HIPAA does include the requirement that NCVHS develop recommendations for clinical and laboratory standards.

    The Partners Web site -- The National Information Center on Health Services Research and Health Care Technology (NICHSR) is participating with the American Public Health Association (APHA), the Association of Schools of Public Health (ASPH), ASTHO, CDC, the Health Resources and Services Administration (HRSA), NACCHO, the National Network of Libraries of Medicine (NN/LM) and the Public Health Foundation (PHF) in an initiative designed to improve information access for public health professionals. The Partners Web site includes tools for public health professionals and more information about the program. Why? To provide public health professionals timely, convenient access to information resources and to aid them in improving the health of the American public. Related slides on public health information needs and public health informatics and case studies on medicine and public health are also available.
  • Health Services/Technology Assessment Text (HSTAT) -- A free, Web-based resource that provides access to full-text documents useful for providing health information and for health care decision making. HSTATs audience includes health care providers, health service researchers, policy makers, payers, consumers and the information professionals who serve these groups. Provides access to a wide variety of publications, including: clinical practice guidelines, quick-reference guides for clinicians, consumer health brochures, evidence reports and technology assessments from the Agency for Healthcare Research and Quality.
  • Center for Medicare and Medicaid Services (CMS) Quality Improvement Initiatives -- CMS performs a number of quality-focused activities, including regulation of laboratory testing (CLIA), development of coverage policies, and quality-of-care improvement. The site provides a plethora of information related to ongoing quality improvement initiatives, complete with a site index and personnel directory.
  • Computer-based Patient Record Institute (CPRI) and Healthcare Open Systems and Trials (HOST) -- CPRI-HOST, a new operating unit of the Healthcare Information and Management Systems Society (HIMSS) (formerly a stand-alone organization), represents all stakeholders in health care focusing on clinical applications of information technology. It serves as a neutral forum for bringing diverse interests together to raise issues, exchange ideas, and develop common solutions for management of health information. HIMSS provides leadership in healthcare for the management of technology, information, and change through member services, education and networking opportunities and publications.
Laboratory
    Health Level Seven Specifications for Electronic Laboratory-Based Reporting of Public Health Information (please see page 24 of document) -- Proposed standard specification for implementing electronic communication of reportable information from laboratories to public health agencies using Health Level 7, a national standard for sharing health data (464KB PDF file). The specification recommends the use of standard codes for tests (LOINC) and results (SNOMED®).
  • LOINC database -- The purpose of the Logical Observations Identifiers Names and Codes (LOINC) database is to facilitate the exchange and pooling of results, such as blood hemoglobin, serum potassium, or vital signs, for clinical care, outcomes management, and research. Currently, most laboratories and other diagnostic services use HL-7 to send their results electronically from their reporting systems to their care systems. However, most laboratories and other diagnostic care services identify tests in these messages by means of their internal and idiosyncratic code values. Thus, the care system cannot fully understand and properly file the results they receive unless they either adopt the producer's laboratory codes (which is impossible if they receive results from multiple sources), or invest in the work to map each result producer's code system to their internal code system. The LOINC codes are universal identifiers for laboratory and other clinical observations that solve this problem.
  • SNOMED International -- A division of the College of American Pathologists (CAP) oversees the strategic direction and scientific maintenance of the Systematized Nomenclature of Medicine, better known as SNOMED®. SNOMED identifies procedures and possible answers to clinical questions, such as test results. Over the last 35 years, the SNOMED works have become recognized globally as a comprehensive, multiaxial, controlled terminology created for the indexing of the entire medical record.
Public Health Information Network (PHIN)
    Public Health Information Network (PHIN) -- The Public Health Information Network (PHIN) is the Center for Disease Control and Prevention’s vision for advancing fully capable and interoperable information systems in the many organizations that participate in public health. PHIN is a national initiative to implement a multi-organizational business and technical architecture for public health information systems. With the acceptance of information technology as a core element of public health, public health professionals are actively seeking essential tools capable of addressing and meeting the needs of the community.
  • PHIN Vocabulary Standards and Specifications -- PHIN Vocabulary Standards and Specifications is a key component in supporting the development and deployment of standards-based public health information systems. PHIN Vocabulary Standards and Specifications seek to promote the use of standards-based vocabulary within PHIN systems and foster the use and exchange of consistent information among public health partners. The use of PHIN Vocabulary Standards and Specifications ensures that vocabularies are aligned with PHIN standards and with appropriate industry and Consolidated Health Informatics Initiative (CHI) vocabulary standards.
  • National Electronic Disease Surveillance System (NEDSS) -- is an initiative that promotes the use of data and information system standards to advance the development of efficient, integrated, and interoperable surveillance systems at federal, state and local levels. It is a major component of the Public Health Information Network (PHIN).
  • Oregon Health Division -- This site provides information on the Oregon NEDSS project. Oregon received one of two Charter Site awards. The site also provides links to a plethora of downloadable NEDSS resources. Downloadable reports include the following: Supporting Public Health Surveillance through the National Electronic Disease Surveillance System

    • A Guide to the Implementation of the NEDSS in State Public Health Agencies
    • NEDSS Base System Description
    • NEDSS Systems Architecture
    • Common Data Elements Implementation Guide
    • Public Health Conceptual Data Model
    • Health Level Seven Specifications for Electronic Laboratory-Based Reporting of Public Health Information
    • Secure Data Network Standards and Procedures
    • Standards Approved by Internet Standards Committee
    • White Paper: Communicable Disease Surveillance Systems
  • June 28, 2001, presentation by Denise Koo, CDC, on NEDSS -- To quote the beginning, "the Centers for Disease Control and Prevention (CDC) has a vision of how advances in information technology can lead to better public health. Surveillance - the ongoing, systematic collection, analysis, and interpretation of health related data - is the foundation of CDCs prevention and control programs and is essential to program planning, implementation, and evaluation. However, we know that most current surveillance systems are neither complete nor timely."
  • Council of State and Territorial Epidemiologists -- This site links to a PDF file which is an easy to use guide on NEDSS. (The Oregon Health Division site also links to this guide.)