Skip to content


Health Insurance Portability and Accountability Act

For more information:

The Health Insurance Portability and Accountability Act (HIPAA) generally requires covered entities to receive authorization from an individual before using or making disclosures to others about protected health information (PHI). An authorization is required if a use or disclosure of PHI is for purposes that are unrelated to treatment, payment, health care operations, unless disclosure is otherwise required or permitted by HIPAA (for instance it is a requirement of law).

DHSS has created a HIPAA compliant authorization form for use by DHSS agencies to ensure any use or disclosures of PHI is completed in compliance with HIPAA.

Click here for Authorization Form
Click here for Revocation of Authorization Form
Click here for HIPAA Privacy Notice

Below are some helpful links leading to more information
on HIPAA Privacy.

Information on the Privacy Rule

DHHS OCR website (lots of great HIPAA resources):

Information regarding the Security Rule:


Information on the Transaction and code set Rule:

(Because this site name requires more width than is possible for this site to handle, The site name that follows is on two lines: It needs to be pasted into your browser as one line, with no space inbetween the "02" and the "_T".

Information about the provider, plan and employer identifier rules:

Download the implementation guides that are to be used for the transaction and code set standards from Washington Publishing Company website:

Public Law 104-191:

The rule addressing Civil Money Penalties; Procedures for Investigations, Imposition of Penalties, and Hearings

The Federal Register making a correction to the date that these provisions expire