HIPAA Regulations/Privacy Statement
In 1996 Congress passed the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In August, 2002, the Department of Health and Human Services released the final rules governing the privacy of health care information, 45 C.F.R. Parts 160 and 164. The rules that went into affect in April of 2003 to protect the privacy of health care information held by most health care providers – including public health departments and public substance abuse and mental health agencies. Confidentiality rules also apply to health insurance plans and electronic health information clearing houses (electronic data warehouses). Other parts of the HIPAA regulations govern security standards for both paper and electronic health records (45 C.F.R. Parts 142 and 162).
The HIPAA Regulations set standards for the maintenance, use, and disclosure of health information, including what must be done before a disclosure of confidential information can be made, the manner in which the information may be disclosed, and to whom it may be disclosed. HIPAA requires health care providers to publish a notice of privacy practices that must be made available to each client receiving services. HIPAA also requires an affirmative release of information signed by the client/patient or parent of a minor patient receiving health care services in order for information to be released to a third party. The HIPAA privacy and confidentiality regulations are not absolute: provisions are made for releases of information in certain rare circumstances, such as child abuse, medical emergencies, and others. The HIPAA regulations also provide that individuals have rights to access their own health records, and other client/patient directed rights.
The Notice of Privacy Practices used by the Utah County Health Department and Utah County Division of Substance Abuse can be downloaded in .pdf format below.
Notice of Privacy Practices (pdf) English | Spanish
More information about HIPAA: