Notice of Privacy Practices: HIPAA requires us to provide our patients, clients and MaineCare members with a Notice of Privacy Practices, to inform individuals of their rights and our obligations regarding their information. We are required to follow the terms of our Notice.

Privacy and Security of Health Information - HIPAA

The Maine Department of Health and Human Services (the “Department”) takes the protection of health information very seriously.  DHHS has a Director of Healthcare Privacy who serves as our Department’s Privacy Officer, and our offices have Privacy and Security Officials or Privacy Liaisons who work to follow state and federal healthcare privacy laws, including the Health Insurance Portability and Accountability Act of 1996, or HIPAA. HIPAA has many purposes, but in part, it tells us how we can use and share protected health information, and the safeguards that are required to keep that information secure. HIPAA does not apply to all of our offices or programs, but when it does, we are required to follow it. There are steep penalties for failing to comply with the law.

Even if an office does not fall under HIPAA, the Department still promises to use reasonable safeguards to protect the information of the individuals we serve.

Authorization or Release Form HIPAA and Maine law also require us to provide our patients, clients and members with the opportunity to disclose or share their confidential information through the use of an authorization or release form that includes certain legal language.  A global form has been developed to permit the individual to provide such permission easily.
Download form

The Department implements and updates confidentiality policies, procedures, training and forms that the law requires for us to keep health information protected, whether that information is part of a conversation, in a paper chart, or part of an electronic record.  Only the minimum health information necessary to conduct business is to be used or shared. Additionally, we only enter into agreements with other organizations to help us with our business processes if they agree to safeguard the information as the law requires.

We will also investigate any possible breach of patient or client data that happens at a Department office or with one of our vendors or business associates. If an actual breach occurs, the Department will contact individuals whose information is at risk, and report the breach to government regulators.

If you have questions, you may contact our Director of Healthcare Privacy at


Some outgoing mail from the State may be encrypted and stored in a location where you can access your message securely. For more information and instructions on how to retrieve your ZixMail, please visit Receiving Encrypted Email on the ZixCorp website.