The Health Insurance Portability and Accountability Act (HIPAA) Title II was enacted in 1996 by the US Congress and contains two rules: the Privacy Rule and the Security Rule. The HIPAA Privacy Rule protects personal health information held by covered entities and gives patients an array of rights with respect to their information, while the Security Rule specifies a series of administrative, physical, and technical safeguards that give broad guidelines to assure the confidentiality, integrity, and availability of electronic protected health information. Under HIPAA, the Department of Health and Human Services (HHS) is required to establish national standards for electronic health care transactions and national identifiers not only for providers but also for health plans and employers, to protect individually identifiable health information.

If a health center fails to cooperate, it faces fines of $50,000 (minimum) a day, with an annual maximum of $1,500,000 for the same violations.


OKPCA provides HIPAA Technical Assistance through:

For more information, including pricing structure, please contact OKPCA.

OIG and HRSA Audit


Breaches Affecting 500 or More Individuals

Department of Health and Human Services

HHS HIPAA Audit Program Protocol

OCR Risk Analysis Guidance

Office for Civil Rights