The Health Insurance Portability and Accountability Act (HIPAA) privacy rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the privacy rule is balanced so that it permits the disclosure of personal health information (PHI) needed for patient care and other important purposes. Texas state laws and legislation strengthen the protection to include an individual's sensitive personal information (SPI).

As a covered entity, the Texas Department of Aging and Disability Services (DADS) is mandated to follow the HIPAA and privacy rules, as well as state legislation. Legislation requires that DADS:

  • Ensures the security and safeguard of protected health information (PHI) and sensitive personal information (SPI).
  • Provides HIPAA and privacy training to employees, contract employees, and volunteers.
  • Requires an employee, contract employee, volunteer, or manager to report a potential violation incident to the DADS Privacy Office.
  • Requires the privacy officer to review and complete a risk assessment to determine the validity of an incident, and provide recommendations for approval to DADS commissioner, if notification is required.
  • Reports HIPAA violations and findings to the federal secretary of Health and Human Services, as required.

What is a Contract Employee or Volunteer?

A DADS contract employee is an individual engaged by DADS to provide specific set of services and perform duties that would otherwise be completed by DADS staff.

A volunteer is a person who gives freely of their time, compassion and skills to enrich the lives of the individuals served by DADS.

DADS Contract Employee and Volunteer Training

As a DADS contract employee or volunteer, you are required to complete HIPAA training.

Reporting an Incident

An incident is an event, which may result or appear to have resulted, in accidental or deliberate unauthorized access, loss, disclosure, modification, disruption, or destruction of confidential information. An incident may result in the possession of unauthorized knowledge, the wrongful disclosure of information, embarrassment to the agency, the unauthorized alteration or destruction of information or systems, or violation of federal or state laws or regulations or agency business requirements.

As a DADS contract employee or volunteer, you are required to report any suspected unintentional or unauthorized access, loss, disclosure, modification, disruption, or destruction of confidential PHI or SPI.

To report an incident, you should immediately notify the DADS manager or contact staff where you are located. You may also contact the DADS Privacy Office at 877-379-7410 or by email Privacy.Office@dads.state.tx.us.

Contact Us

If you have questions regarding HIPAA or privacy issue, contact DADS Executive and Staff Operations, Administrative Management Services, Privacy Office, at 1-877-379-7410 or by email at Privacy.Office@dads.state.tx.us.