Ann Marie T. Sullivan, M.D., Acting Commissioner
Governor Andrew M. Cuomo

Information for Consumers
General Rules

What Do You Need to Know?

Q: What is HIPAA?

A: HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. Title I of this act improves the portability and continuity of health insurance coverage for workers and their families when they change or lose their jobs. Title II promotes 'administrative simplification' to make the nation's health care system more efficient by establishing

  • national standards for electronic health care transactions, and
  • national standards for the privacy and security of electronically transmitted patient health information.

Tip: Copies of the final rules can be downloaded from the CMS/HHS HIPAA website, at http://www.cms.gov/HIPAAGenInfo/02_TheHIPAALawandRelated Information.asp, under Regulations and Standards.

Q: Who must comply with HIPAA?

A: The HIPAA rules require health care organizations - physicians, hospitals, dentists, pharmacists, mental health clinics, therapists, psychiatrists or any other health care provider, health plans (including managed care plans), public health authorities and health care payers - that conduct their business electronically to adopt the new HIPAA standards.

In New York State, most health care providers - your primary care physician, dentist, pharmacist, mental health provider including the Office of Mental Health - must comply with these rules. The only health care businesses exempt from the HIPAA rules are those that do not engage in electronic transmission of 'individually identifying health information' (i.e., they bill on paper).

Ask your doctor, mental health provider, pharmacist and dentist if they are covered under the HIPAA rules.

Q: What is Protected Health Information (PHI)?

A: PHI means individually identifiable information relating to the past, present or future physical or mental health condition of an individual, provision of health care to an individual, or the past, present or future payment for health care provided to an individual. HIPAA privacy standards cover medical records, health care claims and payments, benefit enrollments and disenrollments and any other individually identifiable health information held or disclosed by health plans, health care clearing houses and health care providers that transmit PHI electronically.

Q: When must covered entities be in compliance with the different HIPAA standards?

A: Privacy Standards - April 14, 2003
Standards for Electronic Transactions (EDI) - October 16, 2003
Security Standards - April 21, 2005

Tip: For a more detailed description of the HIPAA standards, how they will impact your business operations and for additional resource materials, visit the Privacy, EDI and Security links in the Info for Counties and Providers website.

Q: What does the HIPAA legislation do for mental health consumers?

A: A cornerstone of the HIPAA legislation is the protection and safeguarding of the confidentiality and integrity of "individually identifiable health information," past, present or future.

The notion of confidentiality of individually identifying health information, particularly mental health information, is not new to the public mental health sector. In fact, it has been long recognized that inappropriate disclosure of a person's mental health information can result in that person being subjected to prejudice and stigma. Effective and lasting mental health therapy can take place only in an environment of privacy and trust in which the patient knows that his/her statements will be safeguarded and held in strictest confidence. New York State currently has some of the most restrictive patient confidentiality laws in the country.

Comments or questions about the information on this page can be directed to the Office of the Counsel.