Guidance for pediatric practices on managing protected health information.


Pediatricians and medical offices have been wrestling with the Health Insurance Portability and Accountability Act (HIPAA) for more than two decades.

The HIPAA regulations most relevant to physicians, health clinics, hospitals and other Covered Entities are the Privacy and Security Rules for protected health information (PHI). First implemented in 2000, and updated in 2013 via the Health Information Technology for Economic and Clinical Health (HITECH) Act, HIPAA has dramatically changed how PHI is kept private and secure. Practices that have not updated their HIPAA compliance materials and daily office operations since 2009 in order to comply with HITECH need to do so right away. New HIPAA regulations are anticipated to be released in 2021 or 2022. They may significantly change the regulations.

Pediatricians are well-advised to keep their HIPAA policies and procedures up-to-date and incorporated into daily practice operations.  

Disclaimer: This information is general in scope and educational in nature. It is not intended as legal advice. If you require legal advice, contact an attorney. 

The recommendations in this publication do not indicate an exclusive course of treatment or serve as a standard of medical care. Variations, taking into account individual circumstances, may be appropriate. This content is for informational purposes only. It is not intended to constitute financial or legal advice. A financial advisor or attorney should be consulted if financial or legal advice is desired.


Last Updated



American Academy of Pediatrics