HIPAA Resources

2019 – OCR Year In Review Synopsis – click the Download icon to the right to view or download this helpful synopsis of the Office for Civil Rights 2019 enforcement actions that includes those entities receiving Civil Monetary Penalties(CMP) and Corrective Action Plans (CAPs). This material, along with additional key points, will be presented during an April 2020 WEDI/EHNAC Webinar together with representatives from the Office for Civil Rights (OCR). Check out this “quick reference” guide to find your own key recommendations and use lessons learned from others to improve your own organizational compliance.

Other Resource Links and Materials – EHNAC’s self-governing body assures our privacy and security programs are built on industry accepted standards. The following information may be used to research specific content which supports our programs:

  1. NIST – National Institute for Standards Technology (NIST). NIST sets forth many insightful Special Publications supporting technology and specifically technology supporting healthcare. The Special Publications often used are listed, but not limited to the following. When searching NIST, be sure to look for the most recent version as documents are often revised as changes occur.
    Also search for:
    Special Publication 800-66 (An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule);
    800-53 (Security and Privacy Controls for Federal Information Systems and Organizations;
    800-171 (Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations) and CyberSecurity Framework  found at https://www.nist.gov/cyberframework
  2. OCR The Office for Civil Rights oversees HIPAA/HITECH Privacy and Security enforcement. When interested in detailed regulatory materials or the latest recommendations search the following pages. Note: OCR published Frequently Asked Questions which come in handy when resolving compliance issues and may be referenced within your own documentation.
  3. OCR Enforcement & Breach Reporting – A current listing of those organizations reporting breach situations and/or those under investigation by OCR can be found at