The Department of Human Services (DHS) will keep an individual's information private. This applies to collecting, using, and safeguarding the individual's information for all assistance programs including:
Child Support
Social Service Programs, and
Child Welfare.
DHS uses information it receives about individuals to:
Establish eligibility.
Compute benefit amounts.
Provide services.
Investigate, prosecute, or bring criminal or civil actions associated with the administration of assistance programs, and
Administer other Federal or Federally-assisted programs that provide cash or in-kind assistance or services directly to individuals based on need.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and HIPAA regulations created national standards to protect individually identifiable health care information. HIPAA rules prohibit disclosing Protected Health Information (PHI) except in certain circumstances discussed in this chapter.
HIPAA sets minimum standards for safeguarding PHI. These standards reinforce existing policies, procedures and practices that safeguard an individual's information and keep it private.
See the HIPAA Privacy Implementation Handbook.
The CAO will establish procedures to make sure unauthorized individuals do not have access to case records or other private client information.
HIPAA regulations require DHS to provide all new individuals a copy of the DHS Notice of Privacy Practices form PA 1806 and notify individual of the availability and how to obtain the notice at least once every three years. The CM 472 Request a copy of the Departments Notice of Privacy Practices is an abbreviated notice that the Notice of Privacy Practices is available and how to obtain it. The CM 472 is included as part of all automated renewal packets and the Semi-Annual Reporting (SAR) form.
See Appendix A for a copy of form PA 1806, Notice of Privacy Practices. Include the notice in all application and redetermination packets.
COMPASS online applications also provide links to HIPAA.
The CAO will safeguard:
Names of individuals.
Addresses of individuals.
Benefit amounts of individual recipients.
Names of individuals who report suspected welfare fraud.
Any other recorded or unrecorded information related to the conditions or circumstances of specific individuals.
Protected Health Information (PHI) (This includes all information about the individual in the case record).
Federal Tax Information (FTI) is protected by the confidentiality provisions of the Internal Revenue Code section 6103.
The CAO will safeguard all information in applications, reports of investigations, financial and medical records and correspondence.
Authorization for Use or Disclosure of Personal Information Form (HS 1815)—A document signed by the individual to permit a one-time (or time-limited) disclosure of specific information to an identified individual or group for purposes other than treatment, payment or normal CAO day-to-day business operations. See Appendix A for this form.
Request for Address and/or Amount of Assistance (PA 163)—A document signed by individuals to request the address and assistance amount of TANF and GA recipients. See Appendix B for this form.
Business Associate—An individual or entity that acts on behalf of a covered entity or an organized health care arrangement to perform or help to perform one of the following:
A function or activity that uses or discloses individually identifiable health information. Examples are: processing or administering claims, analyzing, processing or administering data, reviewing utilization, assuring quality, billing, managing benefits or practice, and re-pricing, or
Services for the covered entity or organized health care management. Examples of services are: legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation or financial services.
Health Care Plan—A health care plan is an individual or group plan that provides or pays for the cost of medical care. The Office of Income Maintenance is the entry point for health care services under the Medical Assistance program. MA is defined as a health care plan under HIPAA.
Normal Operations of the CAO—This includes deciding eligibility, including all required verification, authorization or denial of benefits plus providing services available through the CAO. Services could include housing, hunger assistance programs, employment and training, counseling and job placement, energy assistance, childcare, etc.
Privacy Officer—The DHS Office of General Counsel official who is responsible for Privacy Regulations compliance.
Protected Health Information (PHI)—This is health information that identifies an individual, kept, or sent in any form or medium. PHI includes oral communications, paper records, notes, e-mail, and the electronic records on eCIS and other databases. Any information the worker collects that identifies an individual is PHI. Examples: name, address, and Social Security Number. For CAO purposes, all information about the individual in the entire case record is PHI.
Revised October 24, 2023, replacing September 7, 2018