Note: This HIPAA information applies to legacy Iowa Department of Human Services programs and services only.
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. As part of the Act, Congress called for regulations promoting administrative simplification of healthcare transactions as well as regulations ensuring the privacy and security of patient information.
These regulations apply to what are called "covered entities:" healthcare providers, health plans and healthcare clearinghouses who transmit any health information in electronic form in connection with a transaction covered under HIPAA. The Iowa Department of Human Services is considered a covered entity under HIPAA as a health plan.
The HIPAA Privacy Regulations govern the release of protected health information, called PHI. Covered entities must provide notice of privacy policies and procedures to patients, obtain consent and authorization for use of information and tell how information is generally shared and how patients can access, inspect, copy and amend their own medical record.
HIPAA Security Regulations dictate the kind of safeguards covered entities must have in place to ensure the confidentiality and integrity of electronic PHI. Â
DHS became HIPAA compliant as of April 21, 2005.Â
HIPAA Resources
The Department of Health and Human Services has designed the following new forms to facilitate compliance with the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA). Clients may use some of these forms to exercise their rights under this law. Department staff use some of these forms to fulfill their responsibilities.
Clients may print and complete applicable forms and mail them to the Privacy Officer, Department of Human Services, 1305 East Walnut, Des Moines, Iowa 50319-0114, or take them to their worker at any of the Department's locations in the field or in the facilities.
Designation of Personal Representative, Form 470-3948. Clients may use Form 470-3948 when there is a need to designate a personal representative. A "personal representative" is someone designated by another as standing in the other's place or representing the other's interest for one or more purposes.
HIPAA Complaint, Form 470-3981. Clients may use Form 470-3981 to complain about the Department's policies or procedures implementing the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191, and federal regulations (45 CFR Parts 160 and 164).
Request for List of Disclosures, Form 470-3985Â (Revised 08/03). Clients may use form 470-3985 to request a disclosure of the protected health information that the Department has released to another person or agency.
Request to Change How Health Information Is Provided, Form 470-3947Â (Revised 09/03). Clients may use form 470-3947 to request that protected health information be shared with them by alternative means, such as by email or fax or at a different location, either by mail or in person.
Request to End an Authorization, Form 470-3949. Clients may use form 470-3949 to request that form 470-3951, Authorization to Obtain or Release Health Care Information, that was previously signed by the client or the client's representative be revoked.
Acknowledgement of Notice of Privacy Rights and Practices, Form 470-3946. Form 470-3946 is used by Department health care facilities having a direct treatment relationship with a client to obtain written acknowledgement of the client's receipt of the notice of privacy rights and practices.
Release health information about the client to a third party.
Obtain health information needed to provide service to the client.
HIPAA requires the Department to provide notices to its customers regarding the uses and disclosures of protected health information that may be made by the Department, the customer's rights, and the legal duties of the Department.
The Department's health plans (Medicaid and Hawki) and providers (facilities) have developed notices to meet these requirements. These notices have been mailed or given to current customers and will be provided to new customers at application. The notices are also available by clicking on the applicable link below in both English and Spanish translations.
It is important to note that the Department will not release our customer's health information any differently than it currently does. In fact, HIPAA does create some additional restrictions on how health information can be used. Existing state and federal laws are as restrictive regarding the release of information as HIPAA.
It is also important to note that no action is required of the Department's customers by these notices. The notices are intended to provide information about customer's new rights. Customers should review these notices and contact the persons listed in the notices with any questions or to exercise their rights.