Toolkits & Resources

Confidentiality for Health Centers Toolkit

Tools to help Health Centers build or improve their HIPAA Privacy program and comply with 42 CFR Part 2.

Workshops & Trainings

We hope to resume in-person events soon, but until it is safe to do so, we will keep all trainings in our virtual classroom. Once we reopen, we will offer both a virtual and an in-person attendance option. Read the latest updates here.


    This new series introduces the key compliance requirements for health centers under the HIPAA Privacy, Security and Breach Notification Rules – from the Privacy Rule requirements for disclosing protected health information (PHI) and responding to patient requests, to the Security Rule requirements for conducting security risk analyses and limiting access to electronic PHI to investigating and reporting breaches.

    Providing SUD Services: Compliance and Risk Management

    This workshop will help health centers and their staff identify and address key and emerging risk areas related to providing services in response to the opioid epidemic. In addition, we will cover the federal confidentiality requirements for certain substance use disorder records (42 CFR Part 2).

    Webinar Series: HIPAA Privacy for Health Centers

    RECORDED SERIES: HIPAA Privacy for Health Centers Webinar Series
    Part I: Required HIPAA Compliance Program Elements; Disclosing the Minimum Necessary
    Available Now!60 min
    Part II: Using and Disclosing PHI without Patient Consent
    Available Now!60 min
    Part III: Patient Authorization to Use and Disclose PHI; Notice of Privacy Practices
    Available Now!60 min
    Part IV: Responding to Patient Requests: Access, Amendments, and Restrictions
    Available Now!60 min
    Part V: Business Associates: Identification and Compliance RequirementsAvailable Now!60 min