Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides provisions on the disclosure and use of an individual's health information.  The MHCC provides resources to assist the health care industry in complying with the HIPAA rules for privacy and security.  Users of this information are encouraged to implement the HIPAA privacy and security standards in a manner that is reasonable and consistent with their organizational structure.  HIPAA protects the confidentiality of a person’s identifiable health information via electronic media. This regulation: 

  • Gives patients control over the use of their health information;
  • Defines the boundaries for the use and disclosure of health records by covered entities, which can include a health plan, healthcare clearinghouse, and a healthcare provider
  • Establishes standards that healthcare providers must comply with
  • Limits the use of personal health information (PHI) and minimizes the chances of inappropriate disclosure;
  • Makes provisions for investigating compliance-related issues and holds violators accountable with civil or criminal penalties for violating the privacy of an individual PHI; and
  • Supports the cause of disclosing PHI without individual consent for individual healthcare needs, public benefit, and national interests 


The MHCC has developed the following documents that provide guidance in understanding and implementing HIPAA

  • Key HITECH Changes to HIPAA 
    The Health Information Technology for Economic and Clinical Health Act (HITECH or Act) was passed by the federal government under the American Recovery and Reinvestment Act of 2009. HITECH represents a historic investment in health information technology to improve the quality of health care delivery and patient care. HITECH made changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), particularly with regards to strengthening the privacy and security of protected health information (PHI) and increasing the penalties for violations of HIPAA. This chart summarizes key modifications to HIPAA by HITECH, which began to take effect in 2010.
  • State versus Federal Comparison:  HIPAA Privacy Statute & Regulation
    This document compares the similarities and differences in regulations addressing privacy of health care information between the Maryland Confidentiality Of Medical Records Act (MCRMA) and the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).
  • CMS HIPAA Security Guidance: Portable Devices and External Systems or Hardware  
    This document provides information on how a covered entity and Business Associate may protect electronic protected health information (EPHI) when accessed or used offsite, or outside the organization’s physical environment.  These guidelines on the remote access to or use of EPHI places emphasis on:  risk analysis and risk management strategies; policies and procedures for safeguarding EPHI; and security awareness and training on the policies and procedures for safeguarding EPHI.
  • HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health (HITECH) Act  
    The flyer summarizes the changes with the passage of the HITECH Act to the HIPAA Privacy Rule that require covered entities, including Business Associates, provide to an individual an accounting regarding disclosure of one’s PHI that are likely to impact their personal and legal interests, and the right for an individual to receive a report that indicates who has accessed their electronic PHI.  
  • National Provider Information (NPI) Timeline  
    This document discusses the requirements for health care providers who are considered a HIPAA covered entity to obtain and use standard unique identifiers or an NPI with the submission of HIPAA standard electronic transactions, which include electronic claims, eligibility, claim status, or remittance  
  • More information available at:

Last Updated:  August 7, 2014