HIPAA Compliance Guide
§ 160.316 Refraining from intimidation or retaliation
HIPAA Compliance Guide
- What is HIPAA?
- What is a HIPAA BAA?
Regulations
General Administrative Requirements
Subpart A: General Provisions
Subpart B: Preemption Of State Law
Subpart C: Compliance and Investigations
§ 160.300Applicability§ 160.304Principles for achieving compliance§ 160.306Complaints to the Secretary§ 160.308Compliance reviews§ 160.310Responsibilities of covered entities and business associates§ 160.312Secretarial action regarding complaints and compliance reviews§ 160.314Investigational subpoenas and inquiries§ 160.316Refraining from intimidation or retaliation
Subpart D: Imposition of Civil Money Penalties
§ 160.400Applicability§ 160.401Definitions§ 160.402Basis for a civil money penalty§ 160.404Amount of a civil money penalty§ 160.406Violations of an identical requirement or prohibition§ 160.408Factors considered in determining the amount of a civil money penalty§ 160.410Affirmative defenses§ 160.412Waiver§ 160.414Limitations§ 160.416Authority to settle§ 160.418Penalty not exclusive§ 160.420Notice of proposed determination§ 160.422Failure to request a hearing§ 160.424Collection of penalty§ 160.426Notification of the public and other agencies
Subpart E: Procedures for Hearings
§ 160.500Applicability§ 160.502Definitions§ 160.504Hearing before an ALJ§ 160.506Rights of the parties§ 160.508Authority of the ALJ§ 160.510Ex parte contacts§ 160.512Prehearing conferences§ 160.514Authority to settle§ 160.516Discovery§ 160.518Exchange of witness lists, witness statements, and exhibits§ 160.520Subpoenas for attendance at hearing§ 160.522Fees§ 160.524Form, filing, and service of papers§ 160.526Computation of time§ 160.528Motions§ 160.530Sanctions§ 160.532Collateral estoppel§ 160.534The hearing§ 160.536Statistical sampling§ 160.538Witnesses§ 160.540Evidence§ 160.542The record§ 160.544Post hearing briefs§ 160.546ALJ's decision§ 160.548Appeal of the ALJ's decision§ 160.550Stay of the Secretary's decision§ 160.552Harmless Error
Administrative Requirements
Subpart A: General Provisions
Subpart D: Standard Unique Health Identifier For Health Care Providers
§ 162.404Compliance dates of the implementation of the standard unique health identifier for health care providers§ 162.406Standard unique health identifier for health care providers§ 162.408National Provider System§ 162.410Implementation specifications: Health care providers§ 162.412Implementation specifications: Health plans§ 162.414Implementation specifications: Health care clearinghouses
Subpart E: Standard Unique Health Identifier For Health Plans
§ 162.504Compliance requirements for the implementation of the standard unique health plan identifier§ 162.506Standard unique health plan identifier§ 162.508Enumeration System§ 162.510Full implementation requirements: Covered entities§ 162.512Implementation specifications: Health plans§ 162.514Other entity identifier
Subpart F: Standard Unique Employer Identifier
Subpart I: General Provisions For Transactions
§ 162.910Maintenance of standards and adoption of modifications and new standards§ 162.915Trading partner agreements§ 162.920Availability of implementation specifications and operating rules§ 162.923Requirements for covered entities§ 162.925Additional requirements for health plans§ 162.930Additional rules for health care clearinghouses§ 162.940Exceptions from standards to permit testing of proposed modifications
Subpart J: Code Sets
Subpart K: Health Care Claims Or Equivalent Encounter Information
Subpart L: Eligibility For A Health Plan
Subpart M: Referral Certification And Authorization
Subpart N: Health Care Claim Status
Subpart O: Enrollment And Disenrollment In A Health Plan
Subpart P: Health Care Electronic Funds Transfers (EFT) And Remittance Advice
Subpart Q: Health Plan Premium Payments
Subpart R: Coordination Of Benefits
Subpart S: Medicaid Pharmacy Subrogation
Security and Privacy
Subpart A: General Provisions
Subpart C: Security Standards For The Protection Of Electronic Protected Health Information
§ 164.302Applicability§ 164.304Definitions§ 164.306Security standards: General rules§ 164.308Administrative safeguards§ 164.310Physical safeguards§ 164.312Technical safeguards§ 164.314Organizational requirements§ 164.316Policies and procedures and documentation requirements§ 164.318Compliance dates for the initial implementation of the security standards
Subpart D: Notification In The Case Of Breach Of Unsecured Protected Health Information
Subpart E: Privacy Of Individually Identifiable Health Information
§ 164.500Applicability§ 164.501Definitions§ 164.502Uses and disclosures of protected health information: General rules§ 164.504Uses and disclosures: Organizational requirements§ 164.506Uses and disclosures to carry out treatment, payment, or health care operations§ 164.508Uses and disclosures for which an authorization is required§ 164.510Uses and disclosures requiring an opportunity for the individual to agree or to object§ 164.512Uses and disclosures for which an authorization or opportunity to agree or object is not required§ 164.514Other requirements relating to uses and disclosures of protected health information§ 164.520Notice of privacy practices for protected health information§ 164.522Rights to request privacy protection for protected health information§ 164.524Access of individuals to protected health information§ 164.526Amendment of protected health information§ 164.528Accounting of disclosures of protected health information§ 164.530Administrative requirements§ 164.532Transition provisions§ 164.534Compliance dates for initial implementation of the privacy standards
HIPAA Compliance: The Guide for Startups
Explosive growth in digital health over the last few years means there are many developers and managers who haven’t worked under HIPAA before. This guide is written for startups (and small businesses operating online) who could use some help with the basics of HIPAA compliance.
A covered entity or business associate may not threaten, intimidate, coerce, harass, discriminate against, or take any other retaliatory action against any individual or other person for
(a) Filing of a complaint under § 160.306;
(b) Testifying, assisting, or participating in an investigation, compliance review, proceeding, or hearing under this part; or
(c) Opposing any act or practice made unlawful by this subchapter, provided the individual or person has a good faith belief that the practice opposed is unlawful, and the manner of opposition is reasonable and does not involve a disclosure of protected health information in violation of subpart E of part 164 of this subchapter.
[71 FR 8426, Feb. 16, 2006, as amended at 78 FR 5691, Jan. 25, 2013]
Product
PricingFully-Managed Security for Your Cloud InfrastructureProve Compliance and Pass Security AuditsReliable DevOps Without the Overhead© 2022 Aptible Inc.
548 Market St #75826
San Francisco, CA
94104-5401
United States
San Francisco, CA
94104-5401
United States