Skip Navigation

When did covered entities have to meet these HIPAA privacy standards?


As Congress required in HIPAA, most covered entities had until April 14, 2003 to come into compliance with these standards, as modified by the August, 2002 final Rule. Small health plans had an additional year – until April 14, 2004 – to come into compliance.

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is providing assistance to help covered entities prepare to comply with the Rule. For example, OCR maintains a web site with helpful information, such as the Guidance, Frequently Asked Questions, sample “business associate” contract provisions, significant reference documents, and other technical assistance information for consumers and the health care industry, at

Date Created: 12/19/2002
Last Updated: 11/27/2006