Font Size

Notice of Privacy Practices


Health Insurance Portability and Accountability Act (HIPAA) Notice of Privacy Practices

View or print this information as a document:

The Mississippi Division of Medicaid (DOM) is required by law keep your Protected Health Information (PHI) private. DOM gets PHI from you when you apply for Medicaid, and when your health care providers (for example, your doctor, dentist, clinics, labs, and hospitals) send PHI to DOM to ask DOM to approve and pay for your health care. PHI may include your name, address, birth date, phone number, Social Security number, and medical information. This information is part of your Medicaid record and DOM stores it in files and on a computer. DOM is required by law to give you this Notice of Privacy Practices (Notice) which describes its legal duties and privacy practices regarding your PHI.

How DOM May Use or Disclose Your Protected Health Information

DOM may use or share your PHI for reasons related to the administration of the Medicaid program. In order to carry these tasks out, DOM may contract with others outside the agency for services. For example, DOM contracts with a private company to process the claims sent in by your health care provider. DOM may need to share some or all of your PHI with that company so your health care bills are paid. When this is done, the law and DOM requires that company, called a “business associate,” to follow the law just like DOM does and to keep all of your PHI safe.

DOM may use or disclose your PHI for the following purposes:

DOM may use or share PHI about you to make sure you get the care you need. For example, DOM may provide a list of what medicines you have received to your doctors, so they can consider these when prescribing additional medications.

DOM may use or share PHI about you so that it can pay for your health services. For example, your doctor will send certain health and private information about you to DOM or a DOM business associate, who will check to see if you are eligible for benefits and then will send payment directly to the health care provider for those services if you are eligible.

Health Care Operations
DOM may use or share PHI about you to run the Medicaid program. DOM may use your health records to check the quality of the health care you get and in audits, fraud and abuse programs, planning, and management. For example, DOM may contract with a private company to review the care and services you have received to ensure that your doctor or other health provider provided quality care to you.

Notification and communication with family
We may use or share your PHI to tell a family member, your personal representative, or another person responsible for your care about where you are, your general condition, or if you die. If you are able and can agree or object, DOM will give you a chance to object prior to making this notification. If you are unable or cannot agree or object or it is an emergency or disaster relief situation, DOM will use its best judgment in telling your family and others. If you are deceased, DOM may disclose to a family member, a personal representative, or another person who was involved in your care or payment for health care prior to your death, your PHI that is relevant to such person’s involvement, unless doing so is inconsistent with any of your prior expressed preferences that are known to DOM.

Required by law
DOM may use or share your PHI when required by federal, state, and local laws, or by court order.

Public health activities
When required or permitted by law, DOM may use or share your PHI for public health activities, such as: preventing or controlling communicable disease, injury, or disability; reporting births and deaths; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure.

Health oversight activities
DOM may use or share your PHI with health agencies during the course of audits, investigations, inspections, licensure, and other proceedings.

Judicial and administrative proceedings
DOM may use or share your PHI in the course of any administrative or judicial proceeding.

Law enforcement and government authorities
DOM may use or share your PHI with a law enforcement official or government authority for purposes such as: identifying or locating a suspect, fugitive, material witness, or missing person; complying with a court order, subpoena, or similar process; reporting suspicious wounds, burns, or physical injuries; reporting child abuse, neglect, or domestic violence; and relating to the victim of a crime.

Deceased person information
DOM may use or share your PHI with coroners, medical examiners, and funeral directors as necessary to carry out their duties.

Organ, eye, or, tissue donation
DOM may use or share your PHI with organizations involved in procuring, banking, or transplanting organs, eyes, or tissues.

DOM may use or share your PHI with researchers doing research that has been approved by a DOM approved Privacy Board.

Public safety
DOM may use or share your PHI with appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.

Specialized government functions
DOM may use or share your PHI for military, national security, correctional institution, government benefits, and other specialized government purposes.

Worker’s compensation
DOM may use or share your PHI as necessary to comply with worker’s compensation laws.

When DOM May Not Use or Disclose Your Health Information

Most uses or disclosures of psychotherapy notes, uses or disclosures of PHI for marketing purposes, and disclosures that constitute the sale of PHI require your written authorization.

Except for those purposes described in this Notice, DOM will not use or share your PHI without your written authorization. If you do authorize DOM to use or share your PHI in other ways not described in this Notice, you may take back your authorization in writing at any time. However, this revocation of your authorization will not be effective for PHI that DOM has used or shared before you took back your authorization.

DOM is required by law to notify you if there is a breach of your unsecured PHI.

Your Health Information Rights

  • You have the right to ask for restrictions on certain uses and disclosures of your PHI. DOM does not have to agree to the restriction that you ask for.
  • You have the right to have DOM contact you confidentially in a certain way or at a certain location. DOM will grant your request if it is reasonable and you believe it is needed for your safety. You will be told in advance of any fees or charges for this process.
  • You have the right to inspect and obtain a copy of your PHI. DOM may deny this request in certain situations, and if the request is granted, there may be fees or charges for this process.
  • You have the right to ask DOM to change PHI in your record that you believe is not correct or not complete. DOM does not have to change your PHI and will inform you of its decision to deny your request. You will be told how you can disagree with the denial.
  • You have the right to get a list of disclosures of your PHI made by DOM, except that DOM does not have to include disclosures for certain purposes, including: treatment, payment, health care operations, information provided to you, certain government functions, and certain other limited purposes.
  • You have the right to request a paper copy of this Notice. You may also obtain a copy of this Notice on the DOM website under Publications.

When Your Health Information is Disclosed without Authorization or Misused

If an employee of DOM uses your health information in a manner that is not compliant with this Notice of Privacy Practices and relevant privacy laws, the employee is subject to sanctions up to and including termination. Additionally, civil money penalties up to $1,500,000 may be imposed on DOM or any DOM business associate for misuse of your health information. Persons who are knowingly in violation of the HIPAA privacy requirements may be subject to criminal penalties of up to $250,000 and not more than 10 years in prison.

Changes to this Notice of Privacy Practices

DOM reserves the right to change this Notice at any time in the future, and to make the new provisions effective for all PHI that it keeps, including PHI that was created or received prior to the date of such change. Until such change is made, DOM must comply with this Notice. Upon a material change of this Notice, DOM will send a new Notice with the changes and effective date of change to each current beneficiary.


If you believe your privacy rights described in this Notice have been violated, you may submit a complaint to:

Privacy Officer
Mississippi Division of Medicaid
Walter Sillers Building
550 High Street, Suite 1000
Jackson, MS 39201-1399

Toll-free: (800) 421-2408
Phone: (601) 359-6050

You may also submit a complaint to:

Attn: Regional Manager, Region IV – Office for Civil Rights
U.S. Department of Health and Human Services
Sam Nunn Atlanta Federal Center, Suite 16T70
61 Forsyth Street, S.W.
Atlanta, GA 30303-8909

Toll-free: (800) 368-1019
Telecommunications device for the deaf: (800) 537-7697

If you file a complaint, DOM will not take away your health care benefits or retaliate against you in any way.

HIPAA Contacts

If you have any questions about this Notice or DOM’s privacy practices, or you wish to use any of the privacy rights explained in this Notice, contact the DOM Privacy Officer at the address or number listed above.

For instructions on how to obtain this information in Braille, another language, or other available formats, please call toll-free at (800) 421-2408 or contact your local Medicaid regional office.

Si necesita esta información en español, por favor llame 1-800-421-2408 o póngase en contacto con su oficina local de DOM Regional. Información de contacto de estas oficinas puede encontrarse en el sitio web de DOM