Patient’s Guide to HIPAA – Overview: Where Else Can I Find Help?




You are reading the Patient’s Guide to HIPAA, FAQ 2

HIPAA Guide Quick Links:



FAQ 2: Where Else Can I Find Help?

If you want the official view – as well as the text of the federal health rule known as HIPAA and related materials – go to the website of the Office of Civil Rights (you will often see this office referred to as its acronym, OCR) of the federal Department of Health and Human Services (HHS) at The website offers fact sheets, FAQs, formal summaries of the HIPAA privacy rule, and more. The official materials are formal and even useful at times, but there is a lot to wade through. We seek to tell it like it is. The Office of Civil Rights tells it like it is supposed to be. Both views have relevance.

Why does responsibility for the federal health privacy rule rest with the Office of Civil Rights?  The Department had to put the health privacy function somewhere, and it chose the Office of Civil Rights. The Office of Civil Rights is also supposed to enforce violations of the HIPAA privacy rule. Some complained that the Office of Civil Rights was not focused on health privacy. It didn’t bring enforcement actions for years after the health care world had to comply with health privacy rule. However, enforcement by OCR has been much more aggressive recently, and you have a reasonable chance that your complaint will receive appropriate attention. In fact, there’s a much greater chance that a health privacy complaint at OCR will result in an investigation than a similar privacy complaint will result in action by the Federal Trade Commission.

You can find other guides to HIPAA on the Internet. However most of them are for health care providers like hospitals and doctors trying to comply with the law. Hospitals and health plans sometimes offer patient-oriented privacy materials. Overall, we were surprised at how few free, detailed patient-oriented materials are available.

The Center on Medical Record Rights and Privacy at Georgetown University’s Health Policy Institute has a good website that concentrates on patient access rights., but we’re not sure how up-to-date the information is The Privacy Rights Clearinghouse ( has a wealth of useful materials on privacy in general as well as some facts sheets on medical privacy ( The Center for Democracy and Technology has health privacy policy materials at The Center for Law, Ethics, and Applied Research in Health Information at Indiana University also has a variety of useful materials on health privacy at

Consumer Action has materials on health privacy for California patients. That information is also available in Spanish. Consumer Action has other health privacy resources as well.

The HIPAA rule may not be the only health privacy law relevant to you. The federal HIPAA rule establishes a “floor” of privacy protection. If state law or another federal law gives you more rights, greater access to your medical records, more limits on disclosure, or lower fees for copies of your medical records, then those other laws supersede HIPAA. This can be very important at times. The Center for Law, Ethics, and Applied Research in Health Information at Indiana University’s database on state health privacy laws  ( has citations of state health privacy laws and may be the most up-to-date resource. Once you have the citations, you have to look to find the laws. Knowing where to look is half the battle, however. There are Internet resources for state law in many places. There’s a very expensive state law resource at, but you might be able to do a few free searches. Always, look carefully to see if the information on these websites is current. It may be hard to tell.

Be aware that state laws change, and the information on any state law website can be outdated. Pay attention to the dates of any discussion of state laws.

If the Privacy Act of 1974, a law applicable to federal agencies like Medicare and the Department of Veterans Affairs, is relevant to you, you can find a guide at Federal agencies subject to HIPAA and the Privacy Act of 1974 must give you the best of both laws.


Roadmap: Patient’s Guide to HIPAA: Part 1: Learning About HIPAA (FAQ 2 of 65)

Jump to list of FAQs 1-65 | See all of Part 1