Health Insurance Portability & Accountability Act


In 1996, Congress enacted the Health Insurance Portability and Accountability Act (“HIPAA”) to improve the efficiency and effectiveness of the health care system.  HIPAA authorizes the United States Department of Health and Human Services (“HHS”) to adopt national standards designed to ensure the security and privacy of individuals’ health information. As required by HIPAA, HHS issued the Standard for Privacy of Individually Identifiable Heath Information (the “Privacy Rule”) and the Security Standards for the Protection of Electronic Protected Health Information (the “Security Rule”).  The Privacy Rule established national standards for the use and disclosure of individually identifiable health information-called “protected health information” or “PHI”, as well as standards for individuals’ privacy rights to understand and control how their health information is used. The Security Rule established a national set of security standards for protecting certain health information that is held or transferred in electronic form. HIPAA and the Privacy and Security Rules were updated in 2009 under the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”) and again in 2013 under the Omnibus Rule. HIPAA, the Privacy and Security Rules, HITECH Act and the Omnibus Rule are collectively referred to as the HIPAA Rules.

Protected health information (“PHI”) is information, including demographic data that relates to an individual’s past, present or future physical or mental health or condition, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual, and identifies the individual.

Madison County

In fulfilling the various functions and missions of Madison County, certain County departments come into possession of, use and disclose PHI. The County is committed to compliance with all applicable laws and regulations including, but not limited to, the HIPAA Rules.  The County maintains privacy policies and procedures, a copy of which can be found below.  Additionally, copies of our Notice of Privacy Practices can be found to the left.

  1. Jeffrey A. Aumell

    First Assistant County Attorney

  2. Christina R. Kennedy

    Compliance Officer

  3. Paul Lutwak

    Director of Technology

HIPAA Privacy Policies and Procedures Manual

Last updated Apr 4, 2023