Skip to main content
  • Notice of Privacy Incident
  • Medicaid Provider Termination Alert: Revalidation deadlines are approaching. Failure by providers to revalidate will lead to termination and payment suspension. Check your account now at https://impact.illinois.gov/ to learn if your required revalidation is due this month. More revalidation information here.

Health Insurance Portability and Accountability Act (HIPAA)

Welcome to the Illinois Department of Healthcare and Family Services Health Insurance Portability and Accountability Act (HIPAA) informational Web pages. The department will use these pages to communicate HIPAA-specific information to our providers in a concise and consistent manner.

Sanctions may be imposed for improper use or disclosure of health information

Civil Penalties may be imposed for improper use or disclosure of medical information.  In accordance with 45 C.F.R. § 160.404, the US Department of Health and Human Services Office of Civil Rights (OCR) may, in certain circumstances, impose civil or criminal penalties on covered entities and business associates, as those terms are defined at 45 CFR 160.103,  for failure to use or disclose health information in accordance with applicable law. Penalties may not exceed a calendar year cap for multiple violations of the same requirement.

Criminal Penalties may also be imposed for improper use or disclosure.  In accordance with 42 USC 1320d–6, a person who knowingly and improperly obtains or discloses health information may face a criminal penalty including a fine and a term of imprisonment.  The fines and terms of imprisonment increase if the individual obtains the information by misrepresenting a material fact, or if the person intends to sell, transfer, or use your health information for commercial advantage, personal gain or malicious harm.  The US Department of Justice is responsible for criminal prosecutions.

The department has compiled much of the HIPAA specific information within the following links:

In order to save you time, we encourage you to review these FAQs prior to contacting the Department.

Centers for Medicare and Medicaid Services (CMS) Web site, where additional information on HIPAA can be found.

Other Privacy Information

The Illinois Department of Healthcare and Family Services is working with the Illinois Department of Public Health to stop new HIV cases. The Illinois Department of Public Health is sharing HIV data they have with Illinois Medicaid and Illinois Medicaid Managed Care Organizations to have better care for people living with HIV. Name, date of birth, HIV status and other information is being shared safely and securely for all Medicaid members for the purpose of treatment and care coordination.

HFS Privacy Forms