*** The Health Care Programs Manual (HCPM) has been replaced by the Minnesota Health Care Programs Eligibility Policy Manual (EPM) as of June 1, 2016. Please refer to the EPM for current health care program policy information. ***

Chapter 05 - Client Rights

Effective:  March 1, 2008

05.10.05 - Health Insurance Portability and Accountability Act (HIPAA)

Archived:  June 1, 2016 (Previous Versions)

Health Insurance Portability and Accountability Act (HIPAA)

The federal Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 and initiated in phases from 1998 to 2004. HIPAA is an industry-wide effort to:

l  Ensure consumer control over health information.

l  Provide enhanced physical and technological security for personal health information.

HIPAA responds to concerns from citizens, the health care industry and government agencies for enhanced security and privacy of individual health information. Furthermore, HIPAA creates uniform methods to bill and share health information electronically between health care providers, payers and other organizations involved with health care delivery and payment.

While data privacy is already a familiar concept in Minnesota law, HIPAA privacy standards create a regulatory floor for health care privacy nationwide.

l  If a provision of the HIPAA privacy regulations conflicts with a state law, HIPAA will preempt the state law unless the state law offers more privacy protection to the individual’s health care information. In that case, state law will govern.

l  If HIPAA privacy regulations offer more protection to the privacy of the individual’s health care information, HIPAA will govern in that area.

l  If the two laws do not conflict, covered entities will need to comply with both state and federal privacy laws.

Inform clients of their rights under HIPAA at application, renewal or any other time information is requested. The Notice of Privacy Practices (DHS-3979) should be provided to the client.

Top of Page