The U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to implement the
requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Privacy Rule
standards address the use and disclosure of individuals health information called 'protected health information'
by organizations subject to the Privacy Rule called covered entities, as well as standards for individuals
privacy rights to understand and control how their health information is used. Within HHS, the Office for
Civil Rights ('OCR') has responsibility for implementing and enforcing the Privacy Rule with respect to
voluntary compliance activities and civil money penalties. You are about to enter a site that contains
protected health information. It is your responsibility to implement, maintain, and use appropriate administrative,
technical, and physical safeguards to prevent the improper use or disclosure of all PHI, in any form or media,
received from or created or received by SafetyPAD Enterprise users on behalf of your agency. The Office of Civil
Rights (OCR) may impose a penalty on a covered entity for a failure to comply with a requirement of the
Privacy Rule. Penalties will vary significantly depending on factors such as the date of the violation,
whether the covered entity knew or should have known of the failure to comply, or whether the covered
entity's failure to comply was due to willful neglect.