Skip to main content

Understanding HIPAA: OCR Publishes New Provider and Consumer Guides

Written by Kimberly Gold

(Originally posted in Mintz Levin's Health Law Policy Matters blog)

Understanding the complexities of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules is often a challenge for health care providers and consumers.  Recognizing  the widespread confusion surrounding the interpretation of the rules, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released new tools to educate providers and consumers about HIPAA.Many consumers regularly sign a HIPAA Notices of Privacy Practice with little to no understanding of what the form actually says or means.  To help consumers understand their rights under the HIPAA Privacy Rule, OCR has developed consumer guides about HIPAA, which are available in eight languages.  These materials include information about individuals’ health information privacy rights, understanding the HIPAA Notice of Privacy Practices, and sharing health information with family members and friends.  Along with these fact sheets, OCR released seven consumer-facing videos on its YouTube channel.But OCR has not forgotten about providers who may also be grappling with HIPAA.  OCR released videos on its YouTube channel specifically for providers, covering topics such as establishing safeguards to protect patient information and to comply with the Security Rule’s requirements.  OCR also launched three modules for providers on compliance with the HIPAA Privacy and Security Rules:


  1. Patient Privacy: A Guide for Providers;
  2. HIPAA and You: Building a Culture of Compliance ; and
  3. Examining Compliance with the HIPAA Privacy Rule.

While these guides are not a substitute for legal advice, they should be helpful to providers and consumers.  The new tools also demonstrate OCR’s recognition that understanding HIPAA sometimes requires a little bit of help.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.