HIPAA Privacy Notice

Printer-friendly version

The Health Insurance Portability and Accountability Act of 1996 (HIPAA – Public Law 104-191) protects personal health information. People have certain rights concerning their health information, including setting boundaries on how entities use it, establishing proper safeguards, and holding violators accountable. The HIPAA Privacy regulations went into effect on April 14, 2003.

Personal health information may be verbal, written, or electronic communication created, received, or maintained by HHSC. It relates to any person's past, present, or future physical or mental health.

Protected Health Information (PHI) is available to pharmacy providers daily. PHI includes any health care data plus any other identifying information allowing someone to use the data to identify a specific person. Data may include claim information, prior authorizations, medical records, or consent forms.

The pharmacy should never release PHI to anyone who does not need to know the information. If you are asked about a person's PHI and do not feel the person asking needs to know, immediately refer to your supervisor. You should discuss questions or concerns about PHI with your management.