Privacy and Security of Health Information

We take the protection of your information very seriously. Our Director of Healthcare Privacy and Privacy Liaisons are here to help ensure that we follow the healthcare privacy requirements that apply to our work. 

The Law

The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules help protect your healthcare information.  HIPAA tells us how we may use your protected health information, and the types of safeguards that are required to keep your information secure. Because the Department of Health and Human Services (the Department) has many different functions, HIPAA does not apply to all of our offices. 

Wherever you engage with the Department, know that there are federal or state laws, rules or regulations that we must follow to keep your information confidential. There can be steep penalties for failure to comply.

Your Rights

You have certain rights regarding your information. If you are receiving services from one of our HIPAA-covered entities, you can read about your rights in the Notice of Privacy Practices provided by that office.

Authorization to Release Information 

While the law allows the Department to use your information to serve you, the Department also has an authorization or release form available for you to use when you wish to share your information with others. 

Please download and complete the Authorization to Release Information Form (PDF) to give us permission to disclose your confidential records. Note: The Authorization to Release Form is a fillable PDF. Please download it before filling in the information. If you prefer, please print the form and fill it in with a pen.

The Authorization to Release Form has been translated into the following languages:

Revocation Form: If you change your mind and want to take back your permission to share your information, you may do so by completing the Revocation Form (PDF) and sending it to the Department office where you receive services. We will no longer share your information after we receive your request. 


The Department conducts regular confidentiality training for its staff members and has policies and practices that we must follow to keep your information private and secure. Those practices apply whether your information is verbal (such as when it is used in a conversation between staff who are working on your case,) written (such when it appears in a paper chart,) or electronic (such as when it is used in an electronic record system or email.)

Minimum Necessary  

We may use and share only the minimum information necessary to provide our services. Additionally, we may only work with other organizations that agree to safeguard your information as the law requires.

Privacy or Security Concerns

We will investigate any reported privacy or security incident that involves a Department office or program. If we find that an actual breach occurred, we will contact the individuals whose information is at risk and report the breach to government regulators and others as required by HIPAA or other applicable law.


If you have any questions about the confidentiality of your information, you may contact the Privacy Liaison at the Department office that provides your services, or our Director of Healthcare Privacy, at or 207-287-3707.