The HIPAA Privacy Rule sets standards with respect to the rights of individuals to their health information, procedures for exercising those rights, and the authorized and required uses and disclosures of such information. The Privacy Rule defines what information needs to be protected and who, is authorized to access the protected health information, and delineates individuals’ rights to control and access their own protected information.

The security standards in HIPAA were developed for two primary purposes. First, and foremost, the implementation of appropriate security safeguards protects certain electronic health information that may be at risk. Second, protecting an individual’s health information, while permitting the appropriate access and use of that information, ultimately promotes the use of electronic health information in the industry – an important goal of HIPAA.

The Office of Civil Rights (OCR) within the US Department of HHS oversees and enforces the Privacy and Security Rule.

HIPAA guarantees individuals the right to access and request amendment of their protected health information and to request an accounting of disclosures of PHI. Contact the Privacy Officer for the NH Department of Health & Human Services with questions regarding these rights.

HIPAA requires the Department’s direct care providers to give individuals copies of the Department’s standardized Notice of Privacy Practices, and to make good-faith efforts to obtain an acknowledgment of receipt.

The NH Department of Health and Human Services Privacy Officer is responsible for the implementation of HIPAA policies and procedures required by federal and state law. The Privacy Officer also monitors, reviews, and investigates activities within DHHS to assure compliance with HIPAA.