HIPAA

HIPAA for Members

The Utah Department of Health, Division of Medicaid and Health Financing takes the protection of your health information very seriously.  We are required by law to keep your health information private and secure. The Federal Law that has specific rules about the privacy and security of health Information is HIPAA.

What is HIPAA and Why Is It Important?

"HIPAA" stands for the Health Insurance Portability and Accountability Act of 1996.  The intent of "HIPAA" was:

  • to improve health coverage by allowing individuals to "take their insurance with them" when they changed jobs;

  • to combat fraud, waste and abuse; and,

  • to simplify the administration of health insurance

HIPAA applies to "covered entities".  Covered entities are providers, e.g., doctors, hospitals, pharmacies; health insurance plans, e.g., Blue Cross/Blue Shield, United Health Care, Medicare and Medicaid, etc.; and, health care clearinghouses who assist providers with billing and health information access.

One way to accomplish this is to manage health information electronically.  This would help covered entities more easily use and share data to treat you, bill for services, and run health care operations.  HIPAA makes it easy to share data for these reasons, and, at the same time, limits access to your health information by requiring patient approval for other uses of the data.

Notice of Privacy Practices

One important requirement of covered entities under HIPAA is to notify you of what happens to the health information they collect, use and share.  This requirement is called a "Notice of Privacy Practices".  The Notice must be given to you the first time you have a provider visit or sign up for insurance coverage.  It tells you:

  1. How they use and share your health information; and,
  2. What rights individuals have under HIPAA to manage their own health information.

Here are copies of the Medicaid Notice of Privacy Practices in English and Spanish.

Medicaid English opens in a new tab

Medicaid Español opens in a new tab

Forms

You have the right to receive a copy of your health information.  If you wish to obtain a copy of your Medicaid billing information, you may complete the following form, and submit it to the Medicaid Privacy Office, and a claims and payment report will be sent to you.

Client Request for Personal Health Information Form opens in a new tab

If you want Medicaid to share your billing information for any reason, you may complete the following form, and submit it to the Medicaid Privacy Office.

Authorization Form to Disclose Health Information Form opens in a new tab

If you want a provider or an outside organization to share your information with Medicaid, you may complete the following form, and send it to that provider or organization for processing.

Authorization to Disclose Information Form opens in a new tab

Rules and Regulations

HIPAA includes some important regulations that help create a system of privacy and security for the use and sharing of health information.  These are:

The Privacy Rule

This rule includes regulations that require the protection of medical records and other personal health information that is collected and kept by covered entities.  It regulates the use and disclosure of protected health information (PHI), whether it’s written, oral or electronic.

The Rule 1) makes sharing of information for treatment, payment and health care business operations; 2) gives patients rights to access and manage their health information, and to know where their information has been shared; and, 3) restricts the sharing of health information to the minimum necessary to accomplish a specific purpose.

The Security Rule

This rule covered entities to implement a series of administrative, technical, and physical security requirements to protect the confidentiality, integrity and availability of PHI.

The Breach Notification Rule

This rule requires covered entities to notify individuals if their PHI has been "breached", that is, used or disclosed in a way that is not allowed by HIPAA.

Utah Health Information Rules

The Utah Health Information Network (UHIN) is a not-for-profit organization that reduces the cost of providing health care by efficiently managing electronic health information. Visit the UHIN website for more information about how they make healthcare work more easily for patients.