Skip to Content

Privacy Information

The information contained under the TennCare website regarding privacy regulations such as the Health Insurance Portability and Accountability Act of 1996, known as HIPAA, is intended for educational purposes only and should not replace rules and regulations set forth by law and publicly made available by the United States Government Printing Office.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA was passed into law in August of 1996 and its primary initial focus was to protect health insurance coverage for workers and their families when they changed or lost their jobs. The Administrative Simplification provisions of HIPAA require the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data. Adopting these standards improves the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care.
Federal privacy protections include the HIPAA Privacy and Security Rules promulgated by the United States Department of Health and Human Services and as amended by the final rule modifying the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act (HITECH) enacted as part of the American Recovery and Reinvestment Act of 2009.

The HIPAA Privacy rule:

  • Limits the use and release of individually identifiable health information;
  • Gives patients the right to access individually identifiable health care information in the hands of a covered entity, to which the law applies;
  • Restricts disclosure of individually identifiable health care information to the minimum necessary amount needed for the intended purpose; and
  • Establishes safeguards and restrictions on access to records for certain public responsibilities.

The HIPAA Security rule:

  • Establishes a set of national standards for confidentiality, integrity and availability of electronic protected health information;
  • Requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information; and
  • Requires covered entities to perform risk analysis as part of their security management processes.

To learn even more about HIPAA and HITECH, please click on the links below. If you have any questions, please call: 1-877-696-6775.

Notice of Privacy Practices

For Your Protection: This notice (pdf, 56kb) describes how medical information about you may be used and disclosed. It also tells how you can GAIN access to this information. Please review it carefully.

Para informaciĆ³n acerc a de TennCare en espaƱol llame al 1-866-311-4290