Privacy and Security of Health Information - HIPAA
The Maine Department of Health and Human Services (the “Department”) takes the protection of health information very seriously. DHHS has a Director of Healthcare Privacy who serves as our Department’s Privacy Officer, and our offices have Privacy and Security Officials or Privacy Liaisons who work to follow state and federal healthcare privacy laws, including the Health Insurance Portability and Accountability Act of 1996, or HIPAA. HIPAA has many purposes, but in part, it tells us how we can use and share protected health information, and the safeguards that are required to keep that information secure. HIPAA does not apply to all of our offices or programs, but when it does, we are required to follow it. There are steep penalties for failing to comply with the law.
Even if an office does not fall under HIPAA, the Department still promises to use reasonable safeguards to protect the information of the individuals we serve.
The Department implements and updates confidentiality policies, procedures, training and forms that the law requires for us to keep health information protected, whether that information is part of a conversation, in a paper chart, or part of an electronic record. Only the minimum health information necessary to conduct business is to be used or shared. Additionally, we only enter into agreements with other organizations to help us with our business processes if they agree to safeguard the information as the law requires.
We will also investigate any possible breach of patient or client data that happens at a Department office or with one of our vendors or business associates. If an actual breach occurs, the Department will contact individuals whose information is at risk, and report the breach to government regulators.
If you have questions, you may contact our Director of Healthcare Privacy at DHHS.Privacy@maine.gov.