Minnesota Privacy & Security Resources


Privacy and Security Resources for Minnesota Health Care Providers

The Minnesota Health Records Access Study (2013) identified gaps and opportunities for providing resources and guidance to health and health care providers to aid in implementing more robust privacy and security programs throughout the state.

In 2014, the Minnesota Department of Health (MDH), in consultation with the Minnesota e-Health Advisory Committee, convened the Minnesota e-Health Privacy and Security Workgroup to provide expert analysis and opinions on materials and resources that may be used to enhance privacy and security programs throughout the state. The work is ongoing, and current resources are available at the links below.

Minnesota Standard Consent Form to Release Health Information (PDF 212KB/3 pgs)
A standard patient consent form for a person to release their health information.

Minnesota Model Notice of Privacy Practices (NPP) (PDF 783KB/10 pgs)
(Adapted for Minnesota from U.S. Department of Health and Human Services Model NPP)

Summary of Proactive Monitoring Procedures for Secure Individual Identifiable Health Information (PDF 496KB/ 7pgs)

Security Risk Analysis Tip Sheet (965KB/7 pgs)

HIPAA, Minnesota’s Health Records Act, and Psychotherapy Notes (PDF 420KB/6 pgs)


Other Minnesota Activities and Resources

Privacy and Security Workgroup
Website of the Privacy and Security Workgroup of the Minnesota e-Health Initiative.

Minnesota Health Records Act
Minnesota law governing health records information, Minnesota Statutes 144.291 through 144.298

Upper Midwest HIE Interstate Patient Consent Tools
The Upper Midwest HIE (UM HIE) State Health Policy Consortium has developed a set of tools for health care providers designed to ease the exchange of patient health information, with consent, across state borders specifically for Minnesota, North Dakota, South Dakota, Wisconsin and Illinois.

The Minnesota Commissioner of Health has endorsed these new tools and encourages health care providers to use the UM HIE Common Consent Form.

Visit the UM HIE webpage to access the tools and read more about the Commissioner's endorsement.

Minnesota Documents Related to Federal Privacy & Security Activities

National Resources

ARRA Title XIII: HITECH Act, Subtitle D – Privacy (PDF 113KB/22 pg)
Full text of privacy provisions included in the HITECH Act.

HHS Interim Final Rule and Request for Comment on Breach Notification of Unsecured Protected Health Information (PDF 315KB/121 pg)
Full text of the U.S. Department of Health and Human Services health information breach notification interim final rule for HIPAA covered entities.

FTC Interim Final Rule on Health Breach Notification (PDF 386KB/88 pg)
Full text of Federal Trade Commission’s health information breach notification rule for non-HIPAA covered entities.

HHS Interim Final Rule Enforcement (PDF 83KB/9 pg)
Full text of HHS amending sections within HIPAA related to the authority of the Secretary of the HHS (the Secretary) to impose civil money penalties.

HHS Proposed Rule Genetic Information Nondiscrimination Act of 2008 (GINA) (PDF 134KB/51 pg)
Full text of HHS proposed rule to modify certain provisions HIPAA related to genetic information.

Statement of Organization, Functions, and Delegations of Authority (PDF 14KB/4 pg)
Full text of HHS statement of delegated authority for HIPAA security rule from the Centers for Medicare & Medicaid Services (CMS) to the Director, Office for Civil Rights (OCR).

Updated Monday, November 09, 2015 at 03:57PM