ADHS: Health Insurance Portability and Accountability Act of 1996 (HIPAA)

ADHS HIPAA Tools:

Quick Links:

Arizona Health Care Cost Containment System (AHCCCS)

Center for Medicare
and Medicaid Services (CMS)

HIPAA Compliance
1740 West Adams,
Suite 200
Phoenix, AZ 85007
HIPAA Referral Line:
(602) 364-1560
(602) 542-0112 Fax
E-Mail

Office of Administrative Counsel

Health Insurance Portability and Accountability Act of 1996 (HIPAA)¹

Welcome to the Arizona Department of Health Services (ADHS)-- Health Insurance Portability & Accountability Act (HIPAA) home page. ADHS HIPAA Compliance reports to the Office of Administrative Counsel and Rules, located under the Director’s Office. Contact information is provided below.

What is HIPAA?

The Title II provisions of HIPAA, known as the Administrative Simplification regulations, mandate national privacy standards for the creation, use, disclosure, and retention of patient identifiable health information; the standardization of electronic transactions and codes related to health care payment activities; data security and integrity requirements for the maintenance and transmission of patient information. HIPAA will also require the use of a National Provider Identifier (“NPI”) for physicians, dentists and other health providers who submit electronic claims to health plans, including Medicaid and Medicare. A National Employer Identifier has already been implemented. A National Health Plan Identifier will be implemented at some future date.

HIPAA Designation for ADHS

For HIPAA purposes, the Arizona Department of Health Services is designated as a Hybrid Entity. This denotes that ADHS has both Covered Components and Non-covered Components as it pertains to HIPAA. Only the designated Covered Components within ADHS are required to comply with HIPAA.

ADHS HIPAA Covered Areas & Notices of Privacy Practices (NPP)

HIPAA requires that Covered Components/Entities provide a Notice of Privacy Practices (NPP) to each client. The NPP informs the client of his or her rights regarding the uses and disclosures of their Protected Health Information. The NPP must be written in plain language and explain the reasons for the uses and disclosures being made. ADHS reserves the right to make modifications to our Notice of Privacy Practices and the terms of the notice at any time. The modified Notice of Privacy Practices will be available through the ADHS website. A hard copy of the notice may be printed from the website or obtained from the HIPAA covered component or ADHS HIPAA Compliance. The following areas are the HIPAA Covered Components at ADHS and each has its own NPP. Please click on the links below to view each area’s NPP:

Non-ADHS HIPAA Complaints

ADHS is not authorized to provide individual advice or guidance regarding HIPAA compliance issues that do not related to activities of the Arizona Department of Health Services. For HIPAA compliance issues that pertain to entities other than the Arizona Department of Health Services (e.g., doctors, hospitals, and other providers) please contact:

Office of Civil Rights (OCR)

Center for Medicare and Medicaid Services (CMS)

While OCR will accept HIPAA compliance complaints, the OCR encourages individuals to try to resolve the compliance complaint or concern directly with the Covered Entity. If the individual is not satisfied with the Covered Entity's complaint resolution, OCR will begin an investigation. Individuals are required to file a complaint with the OCR within 180 days of the date of the alleged violation.

ADHS HIPAA Complaints

If you have a HIPAA compliance complaint or concern with the Arizona Department of Health Services or one of its covered components, please contact ADHS HIPAA Compliance for a complaint form and reporting instructions. You may also file a HIPAA complaint with OCR for a concern related to ADHS. While OCR will accept any HIPAA compliance complaints, the OCR encourages individuals to try to resolve the compliance concern directly with the entity, such as ADHS. An individual may also file a complaint with the OCR after attempting resolution with ADHS. Any complaint filed with the OCR for a requested investigation must be received by the OCR within 180 days of the date of the alleged violation. The 180 day time limit applies regardless of whether the matter is filed initially with the OCR or after receiving a response from ADHS.

HIPAA Compliance
1740 West Adams, Ste. 200
Phoenix, AZ 85007
ADHS HIPAA Referral Line: (602) 364-1560
Fax (602) 542-0112
e-mail webhipaa@azdhs.gov

HIPAA is a Federal Mandate and The Office of Civil Rights (OCR) under the Department of Health and Human Services is the oversight authority for all HIPAA Privacy Matters. The Center for Medicare and Medicaid Services (CMS) is the oversight authority for all HIPAA Security Matters. ADHS HIPAA Compliance is responsible only for HIPAA compliance within the Arizona Department of Health Services. ADHS HIPAA Compliance cannot give legal advice on HIPAA matters. HIPAA questions or complaints regarding personal matters should be discussed with your provider, health plan or check OCR’s or CMS’s web page for further information.

45 CFR Parts 160, 162, and 164
The list of covered areas is subject to change by ADHS. Please contact ADHS HIPAA Compliance for question regarding covered areas.