Minnesota

Community-Based Services Manual (CBSM)


Additional information regarding information privacy and security compliance

Page posted: 10/1/03

Page reviewed: 4/16/14

Page updated: 7/25/16

Legal authority

Minn. Stat. Ch. 13

Definitions

HIPAA Privacy Rule: Federal law that provides people with rights over their health information and sets rules and limits on who can look at and receive personal health information.

HIPAA Security Rule: Federal law that protects health information in electronic form and requires entities covered by HIPAA to ensure that electronic protected health information is secure and the confidentiality provisions of the Patient Safety Rule are enforced.

Patient Safety Rule, Subpart C: Federal law that describes confidentiality protections that protect identifiable information being used to analyze patient safety events and improve patient safety.

Protected information: Personal information about a person or their family that they would not generally want shared with the public.

State and lead agency responsibilities

In carrying out your duties, you may handle one or more types of private information, collectively referred to as protected information, about people who use DHS services. Everyone who works in these areas has a responsibility to follow laws and rules that safeguard protected information.

Privacy notice

When you collect protected information about people who use services, patients and other people, you are required to give them notice of their rights.

Typically, this notice is titled Your Privacy Rights, Notice of Privacy Practices for Protected Health Information or Tennessen Notice/Warning.

For more information about the privacy notices used in your job, check with your supervisor.

The privacy notice is not a consent or authorization to release information. When a signed consent or authorization form is required, you must get the appropriate form signed, in addition to providing the privacy notice.

Documentation

Lead agencies subject to HIPAA must document their compliance with the privacy and security rules that apply to them.

For legal advice and to ensure you are compliant with applicable privacy and security regulations, you should speak with your lead attorney.

Laws that may apply to you

The following laws may apply to you:

1. The following in the Minnesota Government Data Practices Act (MGDPA), Minn. Stat. Ch. 13:

  • Private data, as defined in Minn. Stat. §13.02, subd. 12
  • Confidential data, as defined in Minn. Stat. §13.02, subd. 3
  • Welfare data, as governed by Minn. Stat. §13.46
  • Medical data, as governed by Minn. Stat. §13.384
  • Other non-public data governed elsewhere in the MGDPA

2. Health records, as governed by the Minnesota Health Records Act, Minn. Stat. §144.291 - 144.298

3. Chemical health records, as governed by 42 U.S.C. §290dd-2 and 42 C.F.R. §2.1 to §2.67

4. Protected health information (PHI), as defined in and governed by the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. §160.103

5. Federal tax information (FTI), as protected by 26 U.S.C. §6103

6. Information or data governed by the Final Exchange Privacy Rule, 45 C.F.R. §155.260

7. Other information or data subject to applicable state and federal statutes, rules and regulations that affect the collection, storage, use or dissemination of private or confidential information.

Training

DHS developed a series of web-based training modules, Handling MN Information Securely. Everyone who wants or has access to DHS data must complete these modules annually.

Additional resources

CBSM – How to exchange private and protected information via email with DHS
DHS – Data requests
Guide for members of the public requesting public data, DHS-6554 (PDF)
Guide for requesting data about you, DHS-6553 (PDF)
Information access and privacy, DHS-2667 (PDF)
US Department of Health & Human Services – HIPAA
US Department of Health & Human Services – The Security Rule
