Health Information Portability and Accountability Act (HIPAA)

The MMA legal team is pleased to have resources available to help practices comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules, the Health Information Technology for Economic and Clinical Health (HITECH) Act amendments to HIPAA, and Maine state confidentiality laws.

For an overview of HIPAA, click here to view an MMA slide presentation. 

We have a number of sample forms available for practices, which include: 

Please contact the MMA for Word versions of the documents that can be edited.  Please note that practices will need to update their Notice of Privacy Practices and Business Associates Agreements to take into account the most recent changes under HITECH and a Final Omnibus HIPAA Rule that was released by the federal government on January 17, 2013. You can view a copy of the Final Omnibus Rule here.  As promised, the omnibus rule embodies four final rules:

  • modifications to the HIPAA Privacy and Security rules mandated in the Health Information for Economic and Clinical Health (HITECH) Act;
  • changes to the HIPAA enforcement rule;
  • final regulations concerning reporting of data breaches; and
  • modifications to the Privacy Rule as required in the Genetic Information Nondiscrimination Act (GINA).

Please note that the forms posted above are models only. They must be adapted to take into account the specific needs of your practice. In certain places we have indicated where the forms needs to be personalized, but all aspects of the forms should be reviewed to ensure they meet your office practices. While all efforts have been made to ensure that the forms are current at the time of distribution, they are for educational purposes only and do not proport to be legal advice. If your practice requires legal advice regarding complying with HIPAA, HITECH or Maine requirements, you should consult with an attorney. This information does not attempt to be a complete list of the forms and policies necessary to comply with HIPAA, HITECH or Maine law but to address the most common requests received by MMA.

For more information about complying with HIPAA requirements, see:

MMA CEO, Andrew MacLean is happy to provide training and answer questions about HIPAA compliance. This is a low cost way to meet your annual HIPAA staff training requirements. You can schedule by contacting Andrew MacLean at 207-480-4187 or by emailing