HIPAA
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) generally requires covered entities to receive authorization from an individual before using or making disclosures to others about protected health information (PHI). An authorization is required if a use or disclosure of PHI is for purposes that are unrelated to treatment, payment, or health care operations, unless the disclosure is otherwise required or permitted by HIPAA (for instance, when it is a requirement of law).
DHSS has created a HIPAA-compliant authorization form for use by DHSS agencies to ensure that any use or disclosure of PHI is completed in compliance with HIPAA.
Click here for an Authorization Form
Click here for a Revocation of Authorization Form
Click here for a HIPAA Privacy Notice
Below are some helpful links for more information on HIPAA Privacy.
The Privacy Rule:
http://www.hhs.gov/ocr/hipaa/finalreg.html
DHHS OCR website (lots of great HIPAA resources):
http://www.hhs.gov/ocr/hipaa/
The Security Rule:
http://www.cms.hhs.gov/hipaa/hipaa2/regulations/security/default.asp
WEDI SNIP: http://www.wedi.org/
The Transaction and code set Rule: http://www.cms.hhs.gov/EducationMaterials/03_TransactionsandCodeSetMaterials.asp
The provider, plan and employer identifier rules: http://www.cms.hhs.gov/hipaa/hipaa2/regulations/identifiers/default.asp
Download the implementation guides that are to be used for the transaction and code set standards from the Washington Publishing Company website:
http://www.wpc-edi.com/hipaa/HIPAA_40.asp
Public Law 104-191: http://aspe.hhs.gov/admnsimp/pl104191.htm
The Federal Register making a correction to the date that these provisions expire
For questions regarding HIPAA Privacy, please contact
Randall Schlapia, DHCS Deputy Director