DHHS Home Page NC DHHS On-Line Manuals  
     DHHS Manual Home Manual Admin Letters Change Notices Archive Search Index Help Feedback

Previous PageTable of Contents Next Page

DHHS POLICY AND PROCEDURE MANUAL

_____________________________________________________________________________________________________________________

Section VIII:

Privacy and Security

Title:

Privacy Manual

Chapter:

Client Rights Policies, Notice of Privacy Practices

Current Effective Date:

5/1/05

Revision History:

7/10/03

Original Effective Date:

4/14/03

_____________________________________________________________________________________________________________________

Purpose

The purpose of this policy is to specify the requirements for the Notice of Privacy Practices and its distribution, and to provide a standard notice template for use by North Carolina Department of Health and Human Services (NC DHHS) agencies in the development of their agency's Notice.

This policy shall apply to all DHHS Health Insurance Portability and Accountability Act (HIPAA) covered health care components.

Background

Individuals served by a DHHS HIPAA covered agency must be informed of their privacy rights and the agency's responsibilities with respect to protected health information. Each DHHS HIPAA covered agency is required to provide the Notice of Privacy Practices in accordance with the HIPAA Privacy Regulations, 45 CFR Subtitle A, Subchapter C, Part 164.

Policy

DHHS HIPAA covered agencies shall provide a Notice of Privacy Practices to individuals applying for or receiving agency services, with the exception of inmates. Additionally, an agency shall make its Notice of Privacy Practices available to any individual(s) upon request, whether or not the individual is an agency client. The agency shall provide such notice in a manner consistent with all requirements specified within this policy.

The Notice of Privacy Practices shall outline the uses and disclosures of protected health information that may be made, and notify individuals of their rights and the agency's legal duties with respect to protected health information. DHHS agencies that must comply with this policy shall use or disclose health information in a manner consistent with their Notice of Privacy Practices.

DHHS HIPAA covered agencies that operate an Employee Health Service, that provides treatment services to employees above and beyond testing services required as a condition for employment (e.g., TB Tine Test), are required to provide employees with an Employee Health Service Notice of Privacy Practices.

Implementation

Privacy Notice Requirements Applicable to all DHHS HIPAA Covered Agencies

Additional Privacy Notice Requirements Applicable Only to Health Care Plans

Additional Privacy Notice Requirements Applicable Only to Health Care Providers That Have a Direct Treatment Relationship with Clients

Notice of Privacy Practices Elements

Reference:

DHHS Directive Number III-11; 45 CFR 164.520

For relevant forms:

DHHS Notice of Privacy Practices (form DHHS-0025)
DMH/DD/SAS Notice of Privacy Practices (form DHHS-0032)
Medicaid Notices of Privacy Practices (English)
Medicaid Notices of Privacy Practices (Spanish)



For questions or clarification on any of the information contained in this policy, please contact DHHS Privacy Officer. For general questions about department-wide policies and procedures, contact the DHHS Policy Coordinator.

Previous PageTop Of Page Next Page



 


     DHHS Manual Home Manual Admin Letters Change Notices Archive Search Index Help Feedback