Skip to main content
HIPAA – Privacy and Security
CMS – HIPAA Provides a basic overview of HIPAA and the Administrative Simplification Standards
CMS – HIPAA Transaction and Code Set Standards The HIPAA transaction and code sets standards create a uniform way to perform electronic data interchange (EDI) transactions for submitting, processing, and paying claims. – Privacy and Security Provides resources to protect privacy and security of electronic health records (EHRs).
OCR – Health Information Privacy The federal Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, the HIPAA Secuirty Rule, and the HIPAA Breach Notification Rule. OCR’s website provides summaries and the full text of HIPAA rules, training materials, answers to frequently asked questions, information about filing complaints, and updates on OCR news and enforcement activities.
UNC Health – Information Security Provides information about sending Secure Email as well as a Customer Guide and forms relevant to Information Security at UNC Health.
UNC Health – Health Information Management Provides medical information policies and procedures, the medical information compliance plan, and an index of forms relating to PHI.
UNC – Research Compliance Program – HIPAA The University website provides an overview of HIPAA, HIPAA policies and forms for the University of North Carolina at Chapel Hill (including the UNC School of Medicine), and resources and information concerning HIPAA compliance in the research context.
UNC SOM – Information Security and Privacy The UNC School of Medicine website provides resources to protect confidentiality and promote information security awareness. The website includes reference information and tools to assist with Security and Privacy-related issues.
UNC – ITS Policies, Procedures and Guidelines Provides policies and information for the University of North Carolina at Chapel Hill concerning Security and appropriate use of information.


Mental and Substance Abuse Records
Part 242 CFR Part 2 (Part 2) Provides federal privacy protections for alcohol and drug abuse patient records; these protections are more stringent than HIPAA.
 NC Mental Health, Developmental Disabilities, and Substance Abuse Act Chapter 122C of the North Carolina General Statutes provides protections for confidential information acquired in attending or treating clients for mental health, developmental disabilities, and substance abuse.



Other State Laws
NC Bill of Patient Rights The Minimum Provisions of Patient’s Bill of Rights (10 A NCAC 13B3302) gives patients the right to have all records pertaining to his or her medical record treated as confidential except as otherwise provided by law or contractual agreement
NC Health Information Exchange Act This law regulates the use of the North Carolina health information exchange network for the secure electronic transmission of individually identifiable health information among health care providers, health plans, and health care clearinghouses.
NC Identity Theft Protection Act This law provides protections for use of consumer’s social security numbers and financial information, including notification requirements in the event of a security breach.