Minnesota Privacy & Security Resources


Privacy and Security Resources for Minnesota Health Care Providers

The Minnesota Health Records Access Study (2013) identified gaps and opportunities for providing resources and guidance to health and health care providers to aid in implementing more robust privacy and security programs throughout the state.

In 2014, the Minnesota Department of Health (MDH), in consultation with the Minnesota e-Health Advisory Committee, convened the Minnesota e-Health Privacy and Security Workgroup to provide expert analysis and opinions on materials and resources that may be used to enhance privacy and security programs throughout the state. The work is going, and current resources are available at the links below.

Minnesota Standard Consent Form to Release Health Information (PDF 212KB/3 pgs)
A standard patient consent form for a person to release their health information.

Minnesota Model Notice of Privacy Practices (NPP) (PDF 783KB/10 pgs)
(Adapted from U.S. Department of Health and Human Services Model NPP)

Summary of Proactive Monitoring Procedures for Secure Individual Identifiable Health Information (PDF 496KB/ 7pgs)

Security Risk Analysis Tip Sheet (965KB/7 pgs)

HIPAA, Minnesota’s Health Records Act, and Psychotherapy Notes (PDF 420KB/6 pgs)


Other Minnesota Activities and Resources

Privacy and Security Workgroup
Website of the Privacy and Security Workgroup of the Minnesota e-Health Initiative.

Minnesota Health Records Act
Minnesota law governing health records information, Minnesota Statutes 144.291 through 144.298

Minnesota Documents Related to Federal Privacy & Security Activities

National Resources

ARRA Title XIII: HITECH Act, Subtitle D – Privacy (PDF 113KB/22 pg)
Full text of privacy provisions included in the HITECH Act.

HHS Interim Final Rule and Request for Comment on Breach Notification of Unsecured Protected Health Information (PDF 315KB/121 pg)
Full text of the U.S. Department of Health and Human Services health information breach notification interim final rule for HIPAA covered entities.

FTC Interim Final Rule on Health Breach Notification (PDF 386KB/88 pg)
Full text of Federal Trade Commission’s health information breach notification rule for non-HIPAA covered entities.

HHS Interim Final Rule Enforcement (PDF 83KB/9 pg)
Full text of HHS amending sections within HIPAA related to the authority of the Secretary of the HHS (the Secretary) to impose civil money penalties.

HHS Proposed Rule Genetic Information Nondiscrimination Act of 2008 (GINA) (PDF 134KB/51 pg)
Full text of HHS proposed rule to modify certain provisions HIPAA related to genetic information.

Statement of Organization, Functions, and Delegations of Authority (PDF 14KB/4 pg)
Full text of HHS statement of delegated authority for HIPAA security rule from the Centers for Medicare & Medicaid Services (CMS) to the Director, Office for Civil Rights (OCR).

Updated Friday, January 23, 2015 at 10:59AM