Travis County Health Insurance Portability and Accountability Act (HIPAA) Handbook
About this Handbook
The HIPAA Policy Handbook contains the Privacy Policies and Procedures of Travis County (“County”). Its purpose is to ensure the privacy of protected health information (PHI) and compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Texas Medical Records Privacy Act, and other applicable laws, regulations and rules regarding confidential medical information.
This handbook contains the policies and procedures you need to make decisions about handling PHI. The policies apply to all County workforce members (see “Definitions” on page 4 of the workbook for workforce), who provide services for a County HIPAA covered component (see the Hybrid Designation Order) and who come into contact with PHI.
The handbook is divided into three areas
- administrative rules
- uses and disclosures
- Individual’s rights of access.
If you have any questions about how you may handle PHI, you should contact the Privacy Officer.
Download the entire handbook (PDF)
Individual Policies (PDFs)
1.1 Management of Privacy Complaints
1.2 Prohibition of Intimidating or Retaliatory Acts
1.3 Reporting and Investigating Suspected PHI Privacy Breach (Security Incidents)
1.4 Mitigation from Harm Resulting from PHI Breaches
2.2 Disclosure to Persons Involved in Individual’s Care
2.3 Verifying Identity and Authority of a person requesting PHI
2.4 Permitted Uses and Disclosures of PHI
Special Note for Plans, rule difference for corrections
2.5 Authorization for Release of PHI
2.8 Safeguarding PHI: Use and Storage
3.1 Provision of Notice of Privacy Practices
Rule Differences: Plans, Providers, Corrections
3.2 Rights to Access PHI
Differences for Corrections
3.3 Requests for Restrictions on Uses and Disclosures
3.4 Request for Confidential Communications
Rule difference for health plans
3.5 Designated Record Sets
Differences for health plans and health providers
Forms
- Travis County Privacy/Incidient Complaint Form
- Determine If You Are A HIPAA Holding Business Unit
- Notice of Privacy Practices (English and Español)
- Authorization for Release of PHI (English and Español)
- Request for Restrictions for Uses and Disclosure of PHI (English and Español)
- Request for Alternate (Confidential) Communications (English and Español)
- Request to Access Records (English and Español)
- Request for Amendments to PHI (English and Español)
- Request for Accounting of Disclosures of PHI (English and Español)