Resources
Official HIPAA sources & security frameworks
These are authoritative external resources from HHS, OCR, and NIST — useful if you want to read the official source material or go beyond the HIPAA Security Rule floor. HIPAAPath does not own these resources, and they are not legal advice.
Official HHS & OCR resources
Primary source material from the agencies that write and enforce the HIPAA rules.
- HHS Model Notices of Privacy Practices
Ready-to-customize Notice of Privacy Practices templates published by HHS, if you need to give patients an NPP.
- HHS Breach Notification Rule
The official rule on what counts as a breach and the steps required if protected health information is exposed.
- HHS Security Rule guidance
A collection of HHS guidance documents on meeting the HIPAA Security Rule safeguards.
- OCR Breach Portal
The federal portal where a covered entity reports a breach of protected health information to HHS.
Security standards & frameworks
Optional references for going beyond the Security Rule floor. Not required by HIPAA.
- NIST SP 800-66 Rev. 2
The NIST cybersecurity resource guide for implementing the HIPAA Security Rule, and the source behind many of these safeguards.
- NIST Cybersecurity Framework (CSF)
A widely used framework for understanding and improving how an organization manages cybersecurity risk.
- HHS HPH Cybersecurity Performance Goals
Voluntary healthcare-sector cybersecurity performance goals from HHS, a practical checklist for strengthening defenses.