HIPAA Compliance

The following forms and information are designed to help practitioners comply with the requirements of the Health Insurance Portability and Accountability Act ("HIPAA"). The HIPAA Privacy and Security Rules are federal law. The Privacy Rule gives individuals rights over their health information and sets rules and limits on who can look at and receive health information. The Security Rule delineates safeguards to protect health information in electronic form and helps to ensure that electronic protected health information is secure. Individuals, organizations, and agencies that meet the definition of a "covered entity" must comply with HIPAA. An optometrist is considered a "covered entity" if he/she transmits any information in an electronic form in connection with a transaction for which HHS has adopted a standard. For example, submitting an electronic claim to Medicare or another payer is such a transaction.



HIPAA Forms Disclaimer

The American Optometric Association is providing these forms to its members and affiliates as a resource. They are not intended to suit all optometry practices or to constitute legal advice. You should review the forms in consultation with your legal counsel and make any necessary changes to the forms to ensure that they suit your particular practice.  Some states have privacy laws that are more stringent than HIPAA, although this is not typical.  If an applicable state privacy law is more protective of patient health information than HIPAA, practitioners should follow the state law with regard to that requirement.  This can be done either by revising the AOA privacy form, developing an addendum to the form addressing the state requirements, or creating or purchasing a separate, state-specific form. Ask your state association or legal advisor for advice.



AOA Frequently Asked HIPAA Questions

                     • Summary of the Privacy Rule

                     • Guidance on Significant Aspects of the Privacy Rule