HIPAA Notice of Privacy Practices
DMHAS HIPAA Initiative
The Health Insurance Portability and Accountability Act of 1996


The Health Insurance Portability and Accountability Act of 1996 (HIPAA,) also known as the Kennedy-Kassebaum bill, has brought many changes to behavioral healthcare. These changes include the ability to move one’s health insurance coverage when one moves from one job to the next and the right to continue health insurance coverage after employment has ended. HIPAA has also provided the framework for discussions of parity between mental health insurance and general health insurance benefits.

Congress added an Administrative Simplification section to the bill. The goal of this section is to streamline the health care system through the adoption of consistent standards for transmitting uniform electronic health care claims. However, in order for this to succeed, it also became necessary to adopt standards for securing the storage of that information and for protecting individual privacy. Ultimately, the health care industry will have a standardized way of transmitting electronic claims with increased privacy and security protection for the electronic dissemination of health care information.

The HIPAA privacy rule was designed to serve as a minimum level of privacy protection. It is intended to:

  1. Protect and enhance the rights of patients/clients by providing them access to their health information and controlling the inappropriate use of that information.
  1. Improve the quality of health care in the United States by restoring trust in the health care system among consumers, health care professionals, and the multitude of individuals committed to the delivery of care.
  1. Improve the efficiency and effectiveness of health care delivery by creating a national framework for health privacy protection that builds on efforts by states, health systems, and individual organizations and individuals.

DMHAS will achieve and maintain compliance with the HIPAA, as well as all state and federal regulations regarding the uses and disclosures of patient Protected Health Information or PHI, by: complying with all applicable requirements of the Privacy Standards; keeping records of all PHI disclosures and submit compliance reports as required by the United States Department of Health and Human Services (DHHS); permitting the Secretary of the DHHS access to all facilities, books, records, accounts and other sources of information, including PHI that is pertinent to ascertaining compliance; and, developing procedures to assure compliance with the Privacy Standard’s policies based on the Guidelines For Procedural Development that are attached to most of the policies in the Privacy Policies Implementation Manual.