Note: This HIPAA information applies to legacy Iowa Department of Human Services programs and services only.

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. As part of the Act, Congress called for regulations promoting administrative simplification of healthcare transactions as well as regulations ensuring the privacy and security of patient information.

These regulations apply to what are called "covered entities:" healthcare providers, health plans and healthcare clearinghouses who transmit any health information in electronic form in connection with a transaction covered under HIPAA.  The Iowa Department of Human Services is considered a covered entity under HIPAA as a health plan.

The HIPAA Privacy Regulations govern the release of protected health information, called PHI. Covered entities must provide notice of privacy policies and procedures to patients, obtain consent and authorization for use of information and tell how information is generally shared and how patients can access, inspect, copy and amend their own medical record.

HIPAA Security Regulations dictate the kind of safeguards covered entities must have in place to ensure the confidentiality and integrity of electronic PHI.  

DHS became HIPAA compliant as of April 21, 2005. 

 If you have any questions or concerns regarding HIPAA, or how DHS is protecting your health information, please contact: