Browse Regulation Areas

Rules governing the use and disclosure of protected health information (PHI) by covered entities and business associates.

Standards for protecting electronic protected health information (ePHI) through administrative, physical, and technical safeguards.

Requirements for notifying individuals, HHS, and media when unsecured PHI is breached.

Prohibits physicians from referring Medicare/Medicaid patients for designated health services to entities with which they have a financial relationship, unless an exception applies.

Prohibits offering, paying, soliciting, or receiving anything of value to induce referrals for services covered by federal healthcare programs. Includes safe harbors and OIG exclusion authority.

Requirements that healthcare facilities must meet to participate in Medicare and Medicaid programs, including hospitals, nursing facilities, home health, and specialized providers.

Prospective payment systems for hospitals, Medicare Advantage, and federal health insurance rules for the aged.

Federal rules for state Medicaid managed care programs, including network adequacy, enrollee rights, quality, and grievances.

Federal regulations governing medical device classification, approval, reporting, and quality systems.

ONC Health IT certification standards and information blocking rules under the 21st Century Cures Act.

Clinical Laboratory Improvement Amendments requirements for lab certification, personnel, quality control, and proficiency testing.

Federal confidentiality protections for substance use disorder patient records, stricter than HIPAA in many cases.

Federal regulations governing investigational new drugs and new drug applications.