Privacy and Security of Health Information

We take the protection the information you share with DHHS very seriously. Our Director of Healthcare Privacy and Privacy Liaisons are here to help ensure we follow the healthcare privacy requirements that apply to our work. 

The Law

The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules help protect your healthcare information.  

  • HIPAA tells us how we may use your protected health information, and the types of safeguards that are required to keep your information secure.
  • Because DHHS has many different functions, HIPAA does not apply to all of our offices, but all consumer information is protected by other state and other federal statutes and rules. 

Your Rights

You have certain rights regarding your information. If you are receiving services from one of our HIPAA-covered entities, you can read about your rights in the Notice of Privacy Practices provided by that office listed below.

  • We may use and share only the minimum information necessary to provide our services. Additionally, we may only work with other organizations that agree to safeguard your information as the law requires.
  • Privacy practices apply whether your information is verbal (such as when it is used in a conversation between staff who are working on your case,) written (such when it appears in a paper chart,) or electronic (such as when it is used in an electronic record system or email).
  • Wherever you engage with DHHS, know that there are federal and state laws, rules or regulations that we must follow to keep your information confidential. There can be steep penalties for failure to comply.
  • You generally have the right to access, view, or request a copy of your records. Please contact the Privacy Liaison in the office where you receive services for next steps.

Notices of Privacy Practices

Authorization to Release Information 

While the law allows DHHS to use your information to serve you, DHHS also has an authorization or release form available for you to use when you wish to share your information with others.

Please download and complete the Authorization to Release Information Form (PDF) to give us permission to disclose your confidential records. Note: The Authorization to Release Form is a fillable PDF. Please download it before filling in the information. If you prefer, please print the form and fill it in with a pen.

The Authorization to Release Form has been translated into the following languages:

Revocation Form

If you change your mind and want to take back your permission to share your information, you may do so by completing the Revocation Form (PDF) and sending it to the Department office where you receive services. We will no longer share your information after we receive your request. 

Privacy or Security Concerns

Privacy Training Provided to DHHS Staff

The Department conducts regular confidentiality training for its staff members and has policies and practices that we must follow to keep your information private and secure.

Reporting concerns about information in your DHHS Records

We will investigate any reported privacy or security incident that involves a DHHS office or program. If we find that an actual breach occurred, we will contact the individuals whose information is at risk and report the breach to government regulators and others as required by HIPAA or other applicable law.

Privacy or Security Concern about Healthcare Providers or Facilities Outside of DHHS

The DHHS Privacy Office does not have the authority to address privacy concerns about providers outside of this agency, such as a hospital and most healthcare providers. If you have a concern about the confidentiality of health information shared with a facility or provider outside of DHHS you may choose to do one or more of the following:

  • Contact the Privacy Official of the provider or facility where you received services to address your concern.
  • File a complaint with the US Department of Health and Human Services Office of Civil Rights, which oversees HIPAA.
  • To file a complaint against an individually licensed provider, such as a nurse, doctor, or dentist, you may contact the licensing board of the provider. A complete list of licensing boards and contact information is available on the State of Maine Professional & Financial Regulation website.
  • To file a complaint involving a rule violation (the right to confidentiality, for example) against facilities licensed by the Division of Licensing and Certification (DLC), including nursing facilities, hospitals, home health agencies, and assisted living providers, visit the DLC Facility Incident and Complaint Forms page.

DHHS Data and Information Requests

Obtaining DHHS Data for Research Purposes

DHHS proactively publishes a wide variety of data and reports on a number of topics. Additional data and reports can be found on the Office and Division pages.

If you are seeking data collected by DHHS that is not publicly available to use for research purposes, please see the DHHS Research Data Request information page.

Freedom of Access Act (FOAA) Information Requests

Information about submitting FOAA requests to DHHS is available here.

Questions?

If you have any questions about the confidentiality information you have shared with Maine DHHS, you may contact the DHHS Privacy Liaisons by emailing DHHS.Privacy@maine.gov or calling 207-287-3707.