HIPAA Privacy and Security

Medical Management Associates, Inc. has worked closely with our clients to keep them aware of changes in the federal and state regulations that will affect the day-to-day operation of their organizations. We have been especially involved with assisting our clients to create and maintain compliance with regulations involving claims submission and reimbursement.


HIPAA compliance will be a constantly evolving process. Therefore, this site will also evolve to add updates, links and MMA created forms, assessment tools and manuals.


Please contact us if you would like MMA to help you with your staff training and other compliance activities to help assess your current level of compliance and devise corrective action strategies


HIPAA Privacy & Security


The Privacy and Security Rules apply only to covered entities. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If an entity is not a covered entity, it does not have to comply with the Privacy Rule or the Security Rule.


Covered Entities


A covered entity is one of the following:


A Health Care Provider*


This includes providers such as:


  • Doctors

  • Clinics

  • Psychologists

  • Dentists

  • Chiropractors

  • Nursing Homes

  • Pharmacies

*But only if they transmit information in an electronic form in connection with a transaction for which HHS has adopted a standard.


A Health Plan


This includes:


  • Health insurance Companies

  • HMOs

  • Company health plans

  • Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs

A Health Care Clearinghouse


This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

Are you a Covered Entity?


View an easy-to-use question and answer decision tool from HHS.


Guidance Materials for Small Providers, Small Health Plans, and other Small Businesses


View materials about the Privacy Rule for small providers, small health plans and other small businesses.

Guidance Materials for Covered Entities


  • Summary of the Privacy Rule – This is a summary of the key elements of the Privacy Rule, including who is covered, what information is protected, and how covered entities can use and disclose protected health information.


  • Guidance on Significant Aspects of the Privacy Rule – A collection of documents explaining many provisions of the Privacy Rule including business associates, special topics such as disclosures for public health and research, and incidental uses and disclosures.


  • Summary of the Security Rule – This is a summary of the key elements of the Security Rule, including what administrative, physical, and technical safeguards covered entities must have in place to protect the security of electronic protected health information.





  • Fast Facts for Covered Entities – Answers to many common questions and misconceptions about patient consent, incidental disclosures, child abuse reporting, electronic media, and other disclosures.




  • Sign Up for the OCR Privacy Listserv – OCR has established a listserv to inform the public about Privacy and Security Rule FAQs, guidance, and technical assistance materials as they are released.













Learn how MedGate can help you?

Sign Up