Privacy FAQs

What is HIPAA?

The Health Insurance Portability and Accountability Act passed by Congress in 1996 helps ensure easy access to health care as you change from one employer to another. HIPAA protects health information and includes privacy, security and breach notification. The privacy rule provides rights about a person's health information and limits how someone's health information can be used and shared. The security rule provides guidance on how an individual's health information must be secured by administrative, technical and physical safeguards.

What is PHI?

Protected Health Information is individually identifiable health information in any form that is created, received, maintained or transmitted by a HIPAA-covered entity, and relates to a person's health care condition, provision of healthcare, or payment for the provision of healthcare, as further described and defined in the HIPAA privacy rule. PHI includes demographic information unless such information is de-identified. PHI includes, without limitation, "electronic protected health information" and unsecure PHI. PHI includes PHI of a deceased person for 50 years after the date of death.

What is PII?

Personally Identifiable Information is information that can be used to uniquely identify, contact or locate an individual or can be used with other sources to uniquely identify an individual.

What is SPI?

Sensitive Personal Information is a person's first name, or first initial and last name in combination with any or one of the following items, if the names and items are not encrypted:

  • Social Security number
  • Driver's license or government-issued identification number
  • Account number, or credit or debit card number in combination with any required security code, access code or password that would permit access to an individual's financial account

It also includes any facts that identify an individual and relates to:

  • The physical or mental health or condition of the individual.
  • The provision of health care to the individual.
  • Payment for the provision of health care to the individual.

How do I correct my case information if it's wrong?

You may ask us to correct your case records if you think there might be a mistake. Call 2-1-1 or 877-541-7905, toll-free, pick a language and select option 2. If you are hearing or speech impaired, you may call 7-1-1 or 800-735-2989 (TTY).

How do I get a copy of my records and how much will it cost?

You can submit a request in writing by mail, fax or email. Include your name, address and a clear description of the records you are requesting:

HHS Open Records Coordinator
4900 N. Lamar Blvd.,
Austin, TX 78751-2316
Fax Number: 512-424-6586

If there is a cost to get your records, we will send you a letter to let you know how much it will cost.

What is the Notice of Privacy Practices?

The Notice of Privacy Practices tells you

  • How HHS can use and disclose your protected health information.
  • HHS has a duty to protect the privacy of your health information.
  • You have the right to complain to the HHS system or the U.S. Department of Health and Human Services, Office for Civil Rights if you think your privacy rights have been violated.
  • How you can contact the HHS system to get more information about privacy or to file a complaint.
  • We may need to get your authorization before we can share your records for any other reason.

Will the Notice of Privacy Practices affect my benefits I get from HHS?

No. The Notice of Privacy Practices does not affect your benefits.

Who can HHS give my information to?

HHS may share your information for the following reasons:

  • We may use your health information and share it with professionals who are treating you.
  • We may use and disclose your information to run our organization and contact you when necessary.
  • We may use and disclose your health information to pay for your health services.
  • We may disclose your health information for health plan (CHIP, Medicaid or other government health program) administration.

How do I file a complaint?

If you are a client, you can file a complaint with HHS by calling 2-1-1 or 877-541-7905 toll-free. If you are hearing or speech impaired, you may call 7-1-1 or 800-735-2989 (TTY)


You can submit a complaint in writing or complete the HHS Privacy Complaint form and send it to:
Texas Health and Human Services
Privacy Division
PO BOX 149030, Mail Code 1355
Austin, TX 78714-9030

Or email at

You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, Region VI, 1301 Young St., Suite 1124, Dallas, TX 75202. You can call 800-368-1019, toll-free, fax 214-767-3209 or visit If you are hearing or speech impaired, you may call 800-537-1697 (TTY).

How does HHS keep my information safe?

HHS follows the requirements in federal and state laws to maintain the privacy and security of your protected health information.

If I have questions about privacy, who can I call?

You can call the HHS Privacy Division at 800-378-9869 or you can email the HHS Privacy Division at

How can I get an accounting of disclosures of my information?

You may request in writing an accounting of disclosures by HHS of your information. Include your name, address and a phone number we can use to contact you if needed. Mail your request to the Privacy Division at:

Texas Health and Human Services
Privacy Division
Mail Code 1355
PO BOX 149030
Austin, TX 78751-9030

You may get an accounting of disclosures for the time period that is less than six years from the date of your request. We will provide you with a list of all times we have shared your PHI for any purpose other than standard HHS treatment, payment, and operations functions. This means that this list will not include releases of your information such as:

  • To our business associates and contractors which help HHS with its day-to-day operations.
  • To our managed care partners who may provide you with health insurance services.
  • To you or your authorized representative.
  • You otherwise authorized or requested.