The information below on the implications of the HIPAA legislation for fundraising at healthcare institutions is intended to provide guidance, but should not be incorporated directly into a fundraising program without the advice of legal counsel. Many institutions are governed by relevant state legislation, as well as federal law, and the specific character and governance structure of each individual institution will have an impact on institutional response to HIPAA.
HHS Releases HIPAA Privacy and Security and Breach Notification Rules
On January 17, 2013, the Department of Health and Human Services (HHS) Office of Civil Rights released the prepublication copy of the final rules on the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security and Breach Notification and the Genetic Information Non-discrimination Act (GINA). You can read the full publication on the Federal Register's website.
Association for Healthcare Philanthropy (AHP)
The AHP Web site is a great resource for articles, advice, and updates on fundraising under HIPAA.
The American Recovery and Reinvestment Act of 2009 - What Health Care Fundraisers Need to Know
AHP outlines the changes that were made to HIPAA privacy and security regulations under the U.S. Stimulus Bill (H.R.1). While none of the changes has any significant impact on health care fundraising, development offices should be aware of the revisions and the implications. Download The American Recovery and Reinvestment Act of 2009 - What Health Care Fundraisers Need to Know (PDF)
Commonly Asked Questions About HIPAA
A collection of key questions and answers about HIPAA as it relates to fundraising.
Fundraising Under HIPAA – The Privacy Rule – AHP’s Special Analysis (PDF)
This article presents a very clear overview of HIPAA and its requirements for fundraising. Download the Fundraising Under HIPAA - The Privacy Rule - AHP's Special Analysis (PDF)
Sample Business Associate Agreement
The U.S. Department of Health & Human Services provides sample business associate contract provisions to help covered entities comply with the business associate contract requirements of the Privacy Rule.