Frequently Asked Questions

What is HIPAA and why was it enacted?

  • A federal statute called the “Health Insurance Portability and Accountability Act”.
  • Meant to make health insurance portable.
  • Designed to protect the privacy and security of health care information.
  • Intended to fight fraud and abuse in the health care industry.

What doesn’t HIPAA do?

  • Give the State Department of Health any authority to enforce it.
  • Give individuals the right to sue for damages.
  • Tell health care providers or insurance companies that they can never release any information.
  • Apply to schools or employers (unless the employer is running a self-funded insurance plan)

What components of the Indiana State Department of Health are required to comply with HIPAA?

  • Breast and Cervical Cancer Program
  • Children's Special Health Care Program
  • Genomics/Newborn Screening Program
  • Hemophilia Program
  • HIV Medical Services Program
  • Blood Lead Program - ISDH Lab
  • Indiana Lead & Healthy Homes Program

How can I file a complaint if I believe HIPAA has been violated?

HIPAA allows people to complain to one or all of the following: the US Office for Civil Rights; their state attorney general’s office, and the covered entity where the violation is alleged to have taken place. Anyone who suspects a violation of HIPAA can complain, even if their own protected health information was not compromised. Here are the relevant links; the addresses and phone numbers are listed further below

  • To file a complaint with the federal agency that enforces HIPAA, click here to be redirected to the U.S. Office for Civil Rights.
  • To file a complaint with the Indiana Attorney General’s office, click here.
  • To file a complaint about one of the HIPAA covered Indiana State Department of Health programs directly with the Department, please click here for the complaint form.
  • You can complain to the covered entity where the violation occurred; HIPAA requires covered entities to investigate complaints they receive.

For complaints involving the Indiana State Department of Health:

Privacy Officer
Office of Technology & Compliance
Indiana State Dept. of Health
2 N. Meridian St., 3K
Indianapolis, IN 46204


For any HIPAA violation that impacts a resident of Indiana:

Indiana Attorney General
Consumer Protection Division
302 W. Washington St., 5th Floor
Indianapolis, IN 46204


For all HIPAA violations:

US Dept. Health & Human Services
Office for Civil Rights – Region V
233 N. Michigan Ave. – Suite 240
Chicago, IL 60601


For further information about HIPAA, visit the U.S. Health and Human Services Office for Civil Rights Frequently Asked Questions page: