Suggested Content

Free & Charitable Clinic HIPAA Toolbox

This Free & Charitable Clinic HIPAA Toolbox was designed specifically for free and charitable clinics by Ropes & Gray, a law firm focusing on healthcare. The Toolbox is intended to assist free and charitable clinics with understanding and complying with HIPAA requirements. Click on the first link, Guide to HIPAA Toolbox, for a snapshot of the Toolbox components. 

  • Guide to the HIPAA ToolBox: This Guide is a printable version of the components of the Toolbox and futher describes the documents below.
  • HIPAA Frequently Asked Questions: Start here after reviewing the ToolBox Guide above to answer questions including, “Does HIPAA apply to free clinics?”
  • HIPAA Guide: This Guide summarizes current HIPAA Privacy, Security, Data Breach Notification, and Enforcement Rule requirements regarding common situations relevant to Covered Entities.
  • Sample HIPAA Training: This training covers the HIPAA Privacy Rule, Security Rule, Data Breach Notification Rule and the Enforcement Rule at a high level and can be used as part of a HIPAA’ Covered Entity’s obligations to train and refresh workforce members’ understanding of their HIPAA obligations.
  • HIPAA Compliance Self-Assessment Checklist: This checklist sets forth Covered Entity’s HIPAA requirements for use in a self-evaluation of its HIPAA compliance and opportunities for future improvement.
  • HIPAA Template Authorization Form for Disclosure of PHI: This form should be modified to include contact information for the Covered Entity’s designated Privacy Official.
  • HIPAA Template Business Associate Form: This form contains sample language for the negotiation with a business associate.
  • HIPAA Template Notice of Privacy Practices Form: This form should be modified to reflect a Covered Entity’s privacy practices.
  • HIPAA Audit Program Protocol: This protocol, published by the HHS Office for Civil Rights (“OCR”), provides insight into the OCR’s interpretation of regulatory requirements and may help a Covered Entity prepare for some questions that it might receive if it is the subject of an audit in the future. Note that this protocol has not yet been amended to reflect the Omnibus Final Rule’s amendments to the HIPAA regulations.
  • HIPAA Omnibus Presentation: This presentation describes the Omnibus Rule’s changes to the HIPAA regulations that are relevant to Covered Entities and can be used to update workforce members on regulatory developments. It is intended for an audience that has already received basic HIPAA training.

This ToolBox was generously funded by the GE Foundation with additional funding from and support by the National Association of Free and Charitable Clinics.