No issue is more sensitive for people than keeping their personal health information private. That is one of the reasons the Health Insurance Portability and Accountability Act (HIPAA) became federal law. Learn more about the law and how it is impacting South Dakotan's, government agencies, health providers, and others.
Three areas of HIPAA affect DHS:
- Privacy (keeping client/patient health information private),
- Transaction and code sets (using standard national codes to process billings and conduct business),
- Security (keeping health information secure.)
While DHS has long been committed to protecting client/patient confidentiality, HIPAA provides an opportunity to improve procedures and coordinate policies across the department.
- BIT HIPAA Training - Please note: This is optional training for current DHS employees. However, all new employees must register and complete the module. Please disregard the optional title when entering the BIT module.
- BHR HIPAA Training Video
- BHR HIPPA Orientation - (For New Employees Only)
- Privacy Program Statement of Understanding
- DHS Policy of Summary Handout
- Glossary of Terms Handout
- Meta Star HIPAA Training Presentation
- DHS-100-01 GeneralPrivacy
- DHS-100-02 Client/Patient Privacy Rights
- DHS-100-03 Uses & Disclosures of Client/Patient or Participant Information
- DHS-100-04 Minimum Necessary Information
- DHS-100-05 Administrative, Technical, and Physical Safeguards
- DHS-100-06 Use & Disclosures for Research Purposes & Waivers
- DHS-100-07 De-Identification of Client/Patient Information & Use of Limited Data Sets
- DHS-100-08 DHS Business Associate Relationships
- DHS-100-09 Enforcement, Sanctions, and Penalties for Violation of Individual Privacy
Notice of Privacy Practices
South Dakota Department of Human Services
Effective Date: April 14, 2003
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY!
We are required to provide you with this Notice of Privacy Practices and to explain our legal duties under the federal Health Insurance Portability and Accountability Act (HIPAA).
We are required by law to maintain the privacy of medical information about you. We call this information "protected health information" or PHI. We are required to give you notice of our privacy practices about your PHI and required to follow the terms of the notice currently in effect.
This Notice of Privacy Practices will tell you how we may use or disclose information about you. Not all situations will be described.
In the future we may change the Notice of Privacy Practices. Any changes will apply to information we already have and any information we receive in the future. A copy of the new notice will be posted at each DHS site and facility and provided to individuals as required by law. You may request a copy of the current notice at anytime by contacting a DHS division or facility or get it on line at www.dhs.sd.gov.
We May Use and Disclose PHI about You without Your Authorization
- For Treatment. We may use or disclose PHI about you with health care providers who are involved in your health care. For example, information may be shared to create and carry out a plan for your treatment.
- For Payment. We may use or disclose PHI about you to get payment or to pay for health care services you receive. For example, we may provide PHI to bill your health plan for health care provided to you.
- For Health Care Operations. We may use or disclose PHI information about you in order to manage our programs and activities. For example, we may use PHI about you to review the quality of services you receive.
Other Ways We Might Use or Disclose PHI about You without Your Authorization
- Appointments and Other Health Information. We may send you reminders for medical care or checkups. We may send you information about health services that may be of interest to you.
- For Health Oversight Activities. We may use or disclose PHI about you to inspect or investigate health care providers.
- As Required By Law and For Law Enforcement. We will use and disclose PHI about you when required or permitted by federal or state law or by a court order.
- For Abuse Reports and Investigations. We are required by law to report any allegations of child, elderly, or disabled adult abuse or neglect.
- For Government Programs. We may use or disclose PHI about you for public benefits under other government programs. For example, we may disclose information for the determination of Supplemental Security Income (SSI) benefits.
- To Avoid Harm. We may disclose PHI about you to law enforcement in order to avoid a serious threat to the health and safety of a person or the public.
- For Research. We may use PHI about you for studies and to develop reports. These reports do not identify specific people.
We May Use and Disclose PHI about You without Your Authorization Unless You Object
- Disclosure to Family, Friends, and Others. We may disclose PHI about you to your family or other persons who are involved in your medical care.
- Directory. We may use PHI about you to assist visitors at our facility to locate you or to inform clergy about you.
Other Uses and Disclosures Require Your Written Authorization
- For Other Situations. We will ask for your written authorization before using or disclosing PHI about you. You may cancel this authorization at any time in writing, or by other appropriate means of communication if necessary. We cannot take back any uses or disclosures already made with your authorization.
- Other Laws Protect PHI. Many of our programs have other laws for the use and disclosure of PHI about you. For example, you must give your written authorization for us to use and disclose chemical dependency treatment records.
Your PHI Privacy Rights
- Right to See and Get Copies of Your PHI. In most cases, you have the right to look at or get copies of your PHI. You must make the request in writing. You may be charged a fee for the cost of copying and mailing the PHI to you.
- Right to Request to Correct or Update Your PHI. You may ask us to change or add missing PHI if you think there is a mistake. You must make the request in writing and provide a reason for your request. However, there are conditions under which we may deny this request.
- Right to Get a List of Disclosures. You have the right to ask us for a list of disclosures made after April 14, 2003 and up to six years prior to the date you made the request. You must make the request in writing. This list will not include the times that PHI about you was disclosed for treatment, payment, or health care operations. This list will not include PHI about you provided directly to you or your family, or PHI that you authorized.
- Right to Request Limits on Uses or Disclosures of Your PHI. You have the right to ask us to limit how PHI about you is used or disclosed. You must make the request in writing and tell us what PHI you want to limit and to whom you want the limits to apply. We are not required to agree to the restriction. You can request that the restrictions be terminated in writing or verbally.
- Right to Revoke Permission. If you are asked to sign an authorization to use or disclose PHI about you, you can cancel that authorization at any time. You must make the request in writing. This will not affect PHI that has already been shared.
- Right To Choose How We Communicate With You. You have the right to ask us to share your PHI with you in a certain way or in a certain place. For example, you may ask us to send PHI about you to your work address instead of your home address. You must make this request in writing. You do not have to explain the basis for your request.
- Right to File a Complaint. You have the right to file a complaint if you do not agree with how we have used or disclosed PHI about you.
- Right to Get a Paper Copy of this Notice. You have the right to ask for a paper copy of this notice at any time.
Contact Us to Review, Correct, or Limit Your PHI
You may contact us to:
- Ask to look at or copy your PHI.
- Ask to limit how PHI about you is used or disclosed.
- Ask to cancel your authorization.
- Ask to correct or change PHI about you.
- Ask for a list of disclosures of your PHI.
We may deny your request to look at, copy or change your PHI. If we do deny your request, we will send you a letter that tells you why your request is being denied and how you can ask for a review of the denial. You will also receive information about how to file a complaint.
How to Contact Us
For services provided by the South Dakota Developmental Center contact:
South Dakota Developmental Center
ATTN: HIPAA Privacy Contact
17267 3rd St. W
Redfield, SD 57469-1001
Phone: (605) 472-2400
Fax: (605) 472-4216
For services provided by one of the following divisions: Developmental Disabilities, Rehabilitation Services, or Service to the Blind and Visually Impaired contact:
Department of Human Services
ATTN: HIPAA Privacy Office
Hillsview Plaza, East Hwy. 34
c/o 500 E. Capitol
Pierre, SD 57501-5070
Phone: (800) 265-9684
TTY: (605) 773-5990
Fax: (605) 773-5483
How to File a Complaint or Report a Problem
You may contact those listed above if you want to file a complaint or to report a problem with how we have used or disclosed your PHI. Your services will not be affected by any complaints you make. We cannot retaliate against you for filing a complaint, cooperating in an investigation, or refusing to agree to something that you believe to be unlawful.
You may also file a complaint with the US Department of Health and Human Services, Office of Civil Rights by contacting:
Region VIII, Office of Civil Rights
Department of Health and Human Services
999 18th St, STE 417
Denver, CO 80202
Voice Phone: (303) 844-2024
TDD: (303) 844-3439
Fax: (303) 844-2025
DHS Privacy Forms
Nine new forms have been developed as part of the HIPAA implementation process.
These forms give a person a variety of ways to specify their privacy requests and cover other HIPAA requirements.
Down load HIPAA Privacy Glossary in PDF Format.
|DHS 2091||Privacy Program Statement of Understanding|
|DHS 2092||DHS Notice of Privacy Practices, Acknowledgment of Receipt|
|DHS 2093||Access to Records Request Form|
|DHS 2094||Amendment of Health Record Request Form|
|DHS 2095||Restriction of Use and Disclosures Request Form|
|DHS 2096||Accounting of Disclosures Request Form|
|DHS 2097||Disclosures of Protected Health Information|
|DHS 2098||Safeguard Assessment Tool|
|DHS 2099||Guidance for Admin Tech Physical Safeguard for PHI|
Federal government sources:
Centers for Medicare and Medicaid Services. This page describes how HIPAA affects the CMS. Note: CMS used to be called the Health Care Financing Administration.
U.S. Health and Human Services, Adminstrative Simplification Web Site. Here you can find HHS fact sheets, frequently asked questions, and more.
U.S. Health and Human Services, Office for Civil Rights. This group is responsible for the privacy regulations. This site includes links to the August 14, 2002 Federal Register and the final revised privacy rules.