​​​​The Office of Compliance provides guidance and oversight to internal County of Sacramento departments for compliance with the Health Insurance Portability and Accountability Act (HIPAA).​

​T​​o ensure consistent, countywide compliance, the County of Sacramento has a HIPAA Privacy Officer as well as a HIPAA Security Officer. Duties are delegated to the County's Office of Compliance which fulfills and monitors compliance efforts.


  • Privacy Complaints: The Office is responsible for responding to and resolving HIPAA-related complaints for internal County of Sacramento programs, whether such complaints are made by clients or employees. Complaints must be in writing using the form provided (see Forms in the navigation bar on the top of this page). The Office of Compliance maintains a toll free number for inquiries about HIPAA privacy complaints regarding internal County of Sacramento administered programs:​ 1-866-234-6883 / TTY 1-877-835-2929.
  • Request to Access Health Records: The "Client Request to Access Health Records" form (Form 2093) is used by the client to request access to, or receive a copy of, their own health information. This form may also be used for the client to request a copy be sent to a third party (the client's attorney, for example).   We are required to verify identity and authority in order to protect client's health information before releasing any protected health information.  Please follow the instructions attached to the form.

Notice of Privacy Practices

The Notice of Privacy Practices is in the Privacy Practices navigation bar on the top of this page. There are 2 formats:  a webpage and a two-sided 8.5" by 14" brochure. (The Notice of Privacy Practices webpage can be translated into other languages by using the translator at the bottom of the Notice of Privacy Practices page.)  Primary Health Services, please also see OCHIN NOPP addendum regarding health records in the OCHIN electronic health record.

Policies and Procedures

The County's HIPAA Policies and Procedures ("Policies/Procedures") are comprised of both the Privacy Rule and Security Rule Policies and Procedures.

Non-Employee Training

Contents Include: 

  • HIPAA Privacy & Security​ Rule Training for Temporary Agency, Volunteers, Registry & Contractors working in HIPAA-covered departments (includes Training Acknowledgement ​​form)
  • HIPAA Confidentiality Primer for Contractors With Incidental Access to PHI (includes Confidentiality Agreement form)