Standards for Privacy of Individually Identifiable Health Information and Supporting Regulations at 45 CFR Parts 160 and 164

OMB 0945-0003

The individually identifiable health information collected is used by patients and by more than 500,000 covered entities affected by the HIPAA Privacy Rule. The information is routinely used by covered entities for treatment, payment, and health care operations. In addition, the information is used for specified public policy purposes, including research, public health, and as required by other laws.

The latest form for Standards for Privacy of Individually Identifiable Health Information and Supporting Regulations at 45 CFR Parts 160 and 164 expires 2023-01-31 and can be found here.

Latest Forms, Documents, and Supporting Material

Document Name
2024_04_30_HIPAA RHC Privacy FR_ICR_Supporting_Statement CLEAN.docx Supporting Statement A
Attestations requiring additional action
Attestations requiring investigation review
Notice of Privacy Practices for Protected Health Information―Mailing notice to 10% of subscribers at a rate of 240 notices/hour
164.509 Disclosures for which attestation is required
164.530 Administrative Requirements―Training― 164.525 Update training content
164.530 Administrative Requirements-Policies & Procedures (new and updated)
164.520 Notice of Privacy Practices for Protected Health Information― Post updated notice online
164.520 Notice of Privacy Practices for Protected Health Information―Updating
164.509 Uses and Disclosures for which an Attestation is Required―Creating New Form
164.504 Revising Business Associate Agreements
Business Associate Notice to Covered Entity – Less than 500 affected individuals
Business Associate Notice to Covered Entity – 500 or more affected individuals
Less than 500 Affected Individuals (investigating and documenting breach) breaches affecting
Less than 500 Affected Individuals (investigating and documenting breach)
500 or More Affected Individuals (investigating and documenting breach)
Notice to Secretary (notice for breaches affecting fewer than 500 individuals)
Notice to Secretary (notice for breaches affecting 500 or more individuals)
Media Notice
Individual Notice-Substitute Notice (individuals' voluntary burden to call toll-free number for information)
Individual Notice-Substitute Notice (staffing toll-free number)
Individual Notice- Substitute Notice (posting or publishing)
Individual Notice-Written and E-mail Notice(processing and sending)
Individual Notice-Written and E-mail Notice (preparing and documenting notification)
Individual Notice- Written and E-mail Notice (drafting)
Documentation - Review and Update
Security Incidents- Business Associate reporting of incidents (other than breach) to Covered Entities
Maintenance Records
Contingency Plan- Criticality Analysis
Contingency Plan- Testing and Revision
Security Incidents (other than breaches)- Documentation
Security Reminders- Periodic Updates
Information System Activity Review- Documentation
Risk Analysis-Documentation
Rights to request privacy protection for protected health information
Accounting for Disclosures of Protected Health Information
Amendment of Protected Health Information (denials)
Amendment of Protected Health Information (requests)
Access of Individuals to Protected Health Information (copies of PHI)
Notice of Privacy Practice for Protected Health Information (Health plans- periodic distribution of NPPs by electronic mail)
Notice of Privacy Practices for Protected Health Information (health care providers - dissemination/acknowledgement
Notice of Privacy Practices for Protected Health Information/health plan distribution paper mail
Uses and Disclosures for Research Purposes
Uses and Disclosures for which Individual authorization is required
Uses and Disclosures-Organizational Requirement
Process for Requesting Exception Determinations (states or persons)

All Historical Document Collections

202401-0945-002 Approved without change	Revision of a currently approved collection	2024-04-30
202304-0945-001 Comment filed on proposed rule and continue	Revision of a currently approved collection	2023-04-18
202211-0945-003 Approved with change	Extension without change of a currently approved collection	2023-01-23
202211-0945-001 Comment filed on proposed rule and continue	Revision of a currently approved collection	2022-12-02
202011-0945-001 Comment filed on proposed rule and continue	Revision of a currently approved collection	2021-03-01
201909-0945-001 Approved with change	Extension without change of a currently approved collection	2019-09-30
201710-0945-002 Approved without change	No material or nonsubstantive change to a currently approved collection	2017-10-17
201603-0945-001 Approved without change	Revision of a currently approved collection	2016-06-10
201309-0945-001 Approved without change	Revision of a currently approved collection	2013-09-10
201302-0945-001 Approved without change	Extension without change of a currently approved collection	2013-02-01

OMB Details

Process for Requesting Exception Determinations (states or persons)

Federal Enterprise Architecture: Health - Health Care Services