Health Insurance Portability and Accountability Act (HIPAA)
The Federal Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act establish national standards for the protection of certain health information.
The law was designed to reform health care coverage by:
- safeguarding the privacy and confidentiality of patient information
- improving the portability and continuity of health insurance
- combating waste in health care delivery
- simplifying the administration of health insurance
The law requires health care plans, providers, and clearing houses to protect and safeguard the privacy and confidentiality of patient health information as long as it is in their possession.
CONSUMERS
As a consumer, HIPAA gives you rights over your health information and sets rules and limits on who can look and receive your health information. HIPAA also requires security for health information in electronic form.
Learn more about Your Rights Under HIPAA.
If you are a patient with a mental health condition or substance use disorder, there is specific guidance that addresses HIPAA protections. It may be helpful for you to know the ways your family, friends, and others involved in your care will be able to get the information they need to support your treatment, care coordination, and recovery.
Learn more about HIPAA Guidance Related to Mental Health and Substance Use Disorder Treatment.
If you believe a HIPAA-covered entity violated your health information privacy rights, File a Complaint.
COUNTIES & PROVIDERS
Counties and local providers should review HIPAA standards on privacy and security that:
- focuses on compliance and implementation issues that are of concern to the local mental health community.
- respond to the needs of local mental health providers and county mental health departments.
- are accurate, timely and relevant to mental health consumers, providers, and counties.
Fast Facts for Covered Entities
Preemption of State Laws
HIPAA privacy standards preempt or override all but the 'more stringent' provisions of State law. According to OMH, HIPAA preempts some State Mental Hygiene Provisions.
To comply with HIPAA, it may be necessary for mental health providers and county mental health departments to change the way they treat patient information.
FREQUENTLY ASKED QUESTIONS
We strongly encourage providers and counties to consult with their own lawyers and HIPAA officials or contact their trade association's HIPAA expert for advice on specific local HIPAA requirements.
For information about filing HIPAA complaints, please review the Notice of Privacy Practices given to you by your treatment provider or visit https://www.hhs.gov/ocr/complaints/index.html.
If you have a question or concern about other mental health issues, a specific provider, or about your own or a family member's care and treatment, please call OMH Customer Relations toll-free at 1-800-597-8481.