You are using an outdated browser. Please upgrade your browser to improve your experience.

You are here


The ACP has put together the following resources to help members understand and comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification rules, including the Omnibus, Breach Notification, and the Enforcement Rules. Manuals can be used for practice assessments, as a framework for staff training, customizable forms and checklists, as well as for background information and reference.

HIPAA and Administrative Simplification Overview

Privacy Rule

The HIPAA Privacy Rule requires safeguards to protect the privacy of personal health information. These resources help physician practices comply with the rules.

Security Rule

Security Rules require practices to protect all patient information that is stored, received, or transmitted electronically.

Breach Notification

The HITECH Breach Notification Rule requires HIPAA-covered entities to notify HHS of a breach of unsecured protected health information.

  • Breach Notification Regulations - The Office of Civil Rights is responsible for enforcing this rule.
  • Breach Notification Guide (members only) - This guide provides everything you need to do in the event of a breach of unsecured protected health information (PHI) within your practice.
  • Breach Report Portal - This online portal allows users to submit a notice of breach of unsecured protected health information to the Secretary of HHS.


Links to other HIPAA and Administrative Simplification Resources

The following resources offered by other reputable organizations offer some additional information and alternatives to those included above.

Government Links

These information pages from the Office of Civil Rights (OCR) and the Centers for Medicare and Medicaid Services (CMS) offer well organized web pages, including easily searchable FAQs, regarding all parts of HIPAA.