
Definitions
HIPAA Privacy Rule: A federal law that grants individuals rights over their health information and establishes regulations and limitations on who may access and receive personal health information.
HIPAA Security Rule: A federal law designed to protect health information in electronic form. It mandates that entities covered under HIPAA ensure the security of electronic protected health information and enforce the confidentiality provisions outlined in the Patient Safety Rule.
Patient Safety Rule, Subpart C: A federal law that delineates confidentiality protections to safeguard identifiable information utilized in analyzing patient safety events and improving patient safety.
Protected Information: Personal information pertaining to an individual or their family that is not generally intended for public disclosure.
State and Lead Agency Responsibilities
In the execution of your duties, you may handle various types of private information, collectively referred to as protected information, concerning individuals who utilize DHS services. All personnel operating in these areas bear the responsibility of adhering to applicable laws and regulations designed to safeguard protected information.
Privacy Notice: When collecting protected information about service users, patients, or other individuals, you are required to provide them with notice of their rights. Typically, this notice is titled Your Privacy Rights, Notice of Privacy Practices for Protected Health Information, or Tennessen Notice or Warning. For further clarification regarding the specific privacy notices applicable to your role, consult your supervisor.
Note: A privacy notice does not constitute consent or authorization for the release of information. When consent or authorization is required, the appropriate form must be signed in addition to providing the privacy notice.
Documentation: Lead agencies subject to HIPAA regulations must document their compliance with applicable privacy and security rules. To ensure adherence to relevant privacy and security laws, it is advisable to seek legal counsel from your lead attorney.
Applicable Laws
The following laws and regulations may apply to the handling of protected information:
- Minnesota Government Data Practices Act (MGDPA), Minnesota Statutes, Chapter 13:
  - Private Data (Minn. Stat. §13.02, subd. 12)
  - Confidential Data (Minn. Stat. §13.02, subd. 3)
  - Welfare Data (Minn. Stat. §13.46)
  - Medical Data (Minn. Stat. §13.384)
  - Other non-public data governed under the MGDPA
- Health Records: Governed by the Minnesota Health Records Act (Minn. Stat. §144.291 – 144.298)
- Chemical Health Records: Governed by 42 U.S.C. §290dd-2 and 42 C.F.R. §2.1 to §2.67
- Protected Health Information (PHI): Defined and governed under the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. §160.103
- Federal Tax Information (FTI): Protected under 26 U.S.C. §6103
- Final Exchange Privacy Rule: Governed by 45 C.F.R. §155.260
- Other Applicable Laws: Additional state and federal statutes, rules, and regulations that govern the collection, storage, use, and dissemination of private or confidential information.