Definitions

HIPAA Privacy Rule: Federal law that provides individuals with rights over their health information and sets rules and limits on who can look at and receive personal health information.

HIPAA Security Rule: Federal law that protects health information in electronic form and requires entities covered by HIPAA to ensure that electronic protected health information is secure and the confidentiality provisions of the Patient Safety Rule are enforced.

Patient Safety Rule, Subpart C: Federal law that describes confidentiality protections, which protect identifiable information being used to analyze patient safety events and improve patient safety.

Protected information: Personal information about an individual or his or her family that they would not generally want shared with the public.

State and lead agency responsibilities

In carrying out your duties, you may handle one or more types of private information, collectively referred to as protected information, concerning people who use DHS services. Everyone who works in these areas has a responsibility to follow laws and rules that safeguard protected information.

Privacy notice

When you collect protected information about people who use services, patients, and other people, you are required to give them notice of their rights.

Typically, this notice is titled, Your Privacy Rights, Notice of Privacy Practices for Protected Health Information, or Tennessen Notice or Warning.

For more information about the privacy notices used in your job, check with your supervisor.

Remember: The privacy notice is not a consent or authorization to release information. When a signed consent or authorization form is required, you must get the appropriate form signed, in addition to providing the privacy notice.

Documentation

Lead agencies that are subject to HIPAA must document their compliance with the privacy and security rules that apply to them.

For legal advice and to assure you are compliant with applicable privacy and security regulations, you should speak with your lead attorney.

Laws that may apply to you

The following in the Minnesota Government Data Practices Act (MGDPA), Minnesota Statutes, chapter 13:
  • Private data (as defined in Minn. Stat. §13.02, subd. 12)
  • Confidential data (as defined in Minn. Stat. §13.02, subd. 3)
  • Welfare data (as governed by Minn. Stat. §13.46)
  • Medical data (as governed by Minn. Stat. §13.384)
  • Other non-public data governed elsewhere in the MGDPA.

Health records (as governed by the Minnesota Health Records Act [Minn. Stat. §144.291 – 144.298])

Chemical health records (as governed by 42 U.S.C. § 290dd-2 and 42 C.F.R. § 2.1 to §2.67)

Protected health information (PHI) (as defined in and governed by the Health Insurance Portability and Accountability Act [HIPAA], 45 C.F.R. § 160.103)

Federal tax information (FTI) (as protected by 26 U.S.C. 6103)

Information or data governed by the Final Exchange Privacy Rule at 45 C.F.R. § 155.260

Other information or data subject to applicable state and federal statutes, rules, and regulations that affect the collection, storage, use, or dissemination of private or confidential information.