HIPAA privacy & security resources

AMA-developed resources walk physicians through what is needed to comply with the required HIPAA privacy and security rules. The step-by-step guidance helps practices understand these rules and participate in a formal HIPAA compliance plan designed to ensure all the requirements are met.

Subjects included are:

• Understanding the basics
• Knowing compliance requirements
• Prioritizing compliance activities
• Making notice of privacy practices meaningful
• Understanding the Breach Notification Rule
• Evaluating business associates
• Understanding the HIPAA Security Rule
• Knowing patients’ rights
• Limiting disclosures of PHI to the minimum necessary
• Being aware of significant penalties
• Looking to the AMA and website resources for updates
• Resources to help bolster your practice's cybersecurity

AMA developed resources

• Patient Access Playbook
• AMA Education Center: The Nuts and Bolts of Achieving HIPAA Security Rule Compliance through Effective Risk Assessment
• HIPAA privacy and security toolkit: helping your practice meet compliance requirements (PDF)
• What you need to know about the HIPAA breach notification rule (PDF)
• HIPAA Security Rule: FAQs regarding encryption of personal health information (PDF)
• HIPAA notice of privacy practices–Sample notice (DOCX)
• HIPAA privacy rights request form–Sample request for confidential communications regarding information (DOC)
• HIPAA business associate agreement–Sample notice (DOCX)
• AMA cybersecurity resources

This resource is provided for informational and reference purposes only and should not be construed as the legal advice of the American Medical Association. Specific legal questions regarding this information should be addressed by one's own counsel.

• Patient Privacy & HIPAA
• Private Practices
• Catalog of Topics