Completing the PA 162VR for Verification Related to Exchanges 4 and 5, PO19088930 (Published September 6, 2018)
The Department of Human Services (DHS) will keep client information private. This applies to collecting, using, and safeguarding client information for all assistance programs including:
Child Support
Social Service Programs, and
Child Welfare.
DHS uses information it receives about clients to:
Establish eligibility.
Compute benefit amounts.
Provide services.
Investigate, prosecute, or bring criminal or civil actions associated with the administration of assistance programs, and
Administer other Federal or Federally-assisted programs that provide cash or in-kind assistance or services directly to persons based on need.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and HIPAA regulations created national standards to protect individually identifiable health care information. HIPAA rules prohibit disclosing Protected Health Information (PHI) except in certain circumstances discussed in this chapter.
HIPAA sets minimum standards for safeguarding PHI. These standards reinforce existing policies, procedures and practices that safeguard client information and keep it private.
See the HIPAA Privacy Implementation Handbook.
The CAO will establish procedures to make sure unauthorized persons do not have access to case records or other private client information.
HIPAA regulations require DHS to provide all clients a copy of the DHS Notice of Privacy Practices. See Appendix A for a copy of form PA 1806, Notice of Privacy Practices. Include the notice in all application and redetermination packets.
PCA14850930 Notice of Privacy Practices (Linked August 21, 2009)
The CAO will safeguard:
Names of clients.
Addresses of clients.
Benefit amounts of individual recipients.
Names of persons who report suspected welfare fraud, and
Any other recorded or unrecorded information related to the conditions or circumstances of specific clients.
Protected Health Information (PHI) (This includes all information about the client in the case record).
The CAO will safeguard all information in applications, reports of investigations, financial and medical records and correspondence.
Authorization for Use or Disclosure of Personal Information Form (HS 1815)—A document signed by the person to permit a one-time (or time-limited) disclosure of specific information to an identified person or group for purposes other than treatment, payment or normal CAO day-to-day business operations. See Appendix A for this form.
Request for Address and/or Amount of Assistance (PA 163)—A document signed by persons to request the address and assistance amount of TANF and GA recipients. See Appendix B for this form.
Business Associate—A person or entity that acts on behalf of a covered entity or an organized health care arrangement to perform or help to perform one of the following:
A function or activity that uses or discloses individually identifiable health information. Examples are: processing or administering claims, analyzing, processing or administering data, reviewing utilization, assuring quality, billing, managing benefits or practice, and re-pricing, or
Services for the covered entity or organized health care management. Examples of services are: legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation or financial services.
Health Care Plan—A health care plan is an individual or group plan that provides or pays for the cost of medical care. The Office of Income Maintenance is the entry point for health care services under the Medical Assistance program. MA is defined as a health care plan under HIPAA.
Normal Operations of the CAO—This includes deciding eligibility, including all required verification, authorization or denial of benefits plus providing services available through the CAO. Services could include housing, hunger assistance programs, employment and training, counseling and job placement, energy assistance, childcare, etc.
Privacy Officer—The DHS Office of General Counsel official who is responsible for Privacy Regulations compliance.
Protected Health Information (PHI)—This is health information that identifies a person, kept or sent in any form or medium. PHI includes oral communications, paper records, notes, e-mail and the electronic records on CIS /eCIS and other databases. Any information the worker collects that identifies the client is PHI. Examples are: name, address and Social Security Number. For CAO purposes, all information about the client in the entire case record is PHI.
Updated September 7, 2018 replacing August 10, 2016