Notice of Privacy Practices: HIPAA requires us to provide our patients, clients and MaineCare members with a Notice of Privacy Practices, to inform individuals of their rights and our obligations regarding their information. We are required to follow the terms of our Notice.

Privacy and Security of Health Information - HIPAA

The Maine Department of Health and Human Services (the “Department”) takes the protection of health information very seriously.  DHHS has a Director of Healthcare Privacy who serves as our Department’s Privacy Officer, and our offices have Privacy and Security Officials or Privacy Liaisons who work to follow state and federal healthcare privacy laws, including the Health Insurance Portability and Accountability Act of 1996, or HIPAA. HIPAA has many purposes, but in part, it tells us how we can use and share protected health information, and the safeguards that are required to keep that information secure. HIPAA does not apply to all of our offices or programs, but when it does, we are required to follow it. There are steep penalties for failing to comply with the law.

Even if an office does not fall under HIPAA, the Department still promises to use reasonable safeguards to protect the information of the individuals we serve.

Authorization or Release Form: HIPAA and other federal and state laws require us to provide you with a way to share your information if you wish to do so.  Please download and complete the Authorization to Release Form (PDF) to provide us with permission to disclose your confidential records.

Revocation Form: If you change your mind and want to take back your permission to share your data, you may do so by completing the Revocation Form (*PDF) and sending it to the appropriate DHHS office where you receive services. We will no longer share your information after we receive your request.

The Department implements and updates confidentiality policies, procedures, training and forms that the law requires for us to keep health information protected, whether that information is part of a conversation, in a paper chart, or part of an electronic record.  Only the minimum health information necessary to conduct business is to be used or shared. Additionally, we only enter into agreements with other organizations to help us with our business processes if they agree to safeguard the information as the law requires.

We will also investigate any possible breach of patient or client data that happens at a Department office or with one of our vendors or business associates. If an actual breach occurs, the Department will contact individuals whose information is at risk, and report the breach to government regulators.

If you have questions, you may contact our Director of Healthcare Privacy at DHHS.Privacy@maine.gov