What is HIPAA?

HIPAA is the United States Health Insurance Portability and Accountability Act of 1996. 

The HIPAA Privacy Rule provides protections for individually identifiable health information held by covered entities and their business associates and gives individuals rights with respect to that information. The HIPAA Privacy Rule is balanced so that it permits the disclosure of information needed for care, payment for care and other purposes. 

The HIPAA Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.

The HIPAA Beach Notification Rule requires covered entities and their business associates to provide notification following a breach of unsecured protected health information. 

HIPAA at Multnomah County

Multnomah County is a hybrid covered entity. This means that HIPAA applies to parts of the county, but not all of it.  

You can file a privacy or security complaint, breach, incident or other event via this form: https://multcoprivacy.ethicspoint.com.  Or, email privacy@multco.us if you have general questions about the County's HIPAA compliance program.  

Notice of Privacy Practices

County covered components that perform functions within the scope of HIPAA under the Multnomah County HIPAA hybrid covered entity are required to provide a Notice of Privacy Practices to their clients.  The following notices describe how information will be used and disclosed.  If you are a client, please contact your County program contact for additional information.

Health Department Notice of Privacy Practices Effective 01/08/2020

Department of Community Justice Notice of Privacy Practices Effective 9/23/13