The Caroline County Health Department’s Vital Records office will not be issuing Birth and Death Certificates on Friday, July 5, and Monday, July 8. Normal hours will resume Tuesday, July 9, at 8:30 AM. Thank you!

Privacy / HIPAA Information

Maryland Department of Health Notice of Privacy Practices

The Caroline County Health Department is a unit of the Maryland Department of Health. As such, it is subject to and complies with the Maryland Department of Health Privacy Practices

The Maryland Department of Health (MDH) is committed to protecting your health information. MDH is required by law to maintain the privacy of Protected Health Information (PHI). PHI includes any identifiable information that we obtain from you or others that relate to your physical or mental health, the health care you have received, or payment for health care.

Please visit the MDH Website for complete information on Privacy Practices, including how to file a complaint if you believe your privacy rights have been violated. 

Privacy Practice documents are available in other languages and alternative formats that meet the guidelines for the Americans with Disabilities Act. If you have questions and would like more information, you may contact:

Lauren Boyce, Esq.

Privacy Officer

MDH Office of the Inspector General

Phone: (410) 767-5411

Maryland Department of Health HIPAA Individual Rights Policy

The Caroline County Health Department is a unit of the Maryland Department of Health. As such, it is subject to and complies with the Maryland Department of Health HIPAA Individual Rights Policy.

The Maryland Department of Health (MDH) is committed to protecting the health information of Maryland citizens. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the Omnibus Final Rule of 2013 (collectively, “HIPAA”), and their implementing regulations require that MDH adopt policies on specific issues. The purpose of this policy and related guidelines is to ensure department-wide consistency in fulfilling the individual rights requirements of Federal and State laws regarding protection of health information. 

This policy explains the individual rights that are required under the HIPAA standards, including the requirements for adoption and distribution of the Notice of Privacy Practices, the rights of individuals to access and request amendment of their protected health information (PHI), restrictions on use and disclosure of PHI, confidential communications, and accounting of disclosures that have been made of individual’s PHI. Individual rights under the Maryland Confidentiality of Medical Records Act of 1990 (MCMRA) and other applicable Federal and State laws and regulations on health information are also included.

Access the full HIPAA Individual Rights Policy

Maryland Department of Health HIPAA Privacy Administrative Requirements Policy

The Caroline County Health Department is a unit of the Maryland Department of Health. As such, it is subject to and complies with the Maryland Department of Health HIPAA Privacy Administrative Requirements Policy.

The Maryland Department of Health (MDH) is committed to protecting the health information of Maryland citizens.  The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the Omnibus Rule of 2013 (collectively, “HIPAA), and their implementing regulations require that MDH adopt policies on specific issues.  The purpose of this policy and related guidelines is to ensure department-wide consistency in fulfilling the administrative and organizational requirements of Federal and State mandates regarding the privacy and security of protected health information (PHI). 

The Secretary shall designate one individual as the MDH Privacy Officer.  The roles and responsibilities of the Privacy Officer and MDH health care components (Covered Components) are explained.  The MDH Privacy Officer shall coordinate activities of the Privacy Office with the Corporate Compliance Office, the Office of the Attorney General (OAG), and MDH Covered Components to implement, monitor, and enforce the requirements of this and related mandates.  

This policy explains the administrative and organizational requirements for privacy in the HIPAA standards including MDH’s need to develop conforming relationships with business associates, a complaint process, sanctions against members of the workforce who violate privacy policies or practices, mitigation procedures should a violation occur, protection for whistleblowers, practices to safeguard PHI, and retention of documentation otherwise required under the law. 

The OAG has determined that MDH is a single legal entity that performs a variety of health care and public health activities, thereby meeting the definition of a “hybrid entity” as defined in the HIPAA regulations. This policy serves to meet the organizational requirement that such designation be officially documented and specifically identifies the MDH Covered Components in the appendix.

Access the full HIPAA Privacy Administrative Requirements Policy

Maryland Department of Health HIPAA Breach Response Policy

The Caroline County Health Department is a unit of the Maryland Department of Health. As such, it is subject to and complies with the Maryland Department of Health HIPAA Breach Response Policy.

The Maryland Department of Health (MDH) is committed to protecting the health information of Maryland citizens.  The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the Omnibus Rule of 2013, together known as HIPAA, and their implementing regulations require that MDH adopt policies on specific issues.  The purpose of this policy and related guidelines is to ensure department-wide consistency in fulfilling the HIPAA breach response requirements.  

The Secretary of MDH has designated a Privacy Officer for MDH within the Office of the Inspector General (OIG), whose duties include working cooperatively with the MDH covered components’ HIPAA privacy contacts to coordinate the duties related to the fulfillment of these responsibilities.  This policy explains the breach response procedures that are required under HIPAA standards, including the requirements for notifying affected individuals in the event of a breach of their unsecured Protected Health Information (PHI).  

Access the full HIPAA Breach Response Policy