Residents

The Anne Arundel County Mental Health Agency (AACHMA) is committed to protecting your health information. AACMHA is required by law to maintain the privacy of Protected Health Information (PHI). PHI includes any identifiable information that we obtain from you or others that relate to your physical or mental health, the health care you have received, or payment for health care. 

As required by law, this notice provides you with information about your rights and our legal duties and privacy practices with respect to the privacy of PHI.

Download the AACMHA Privacy Notice

Complaints or concerns about an Anne Arundel County behavioral health provider or program can be submitted to the Anne Arundel County Mental Health Agency by completing our complaint form.

For questions about this form, please call 410-222-7858 or email aac-lbha-connect@aacounty.org. 

Download the Complaint Form

From the Maryland Department of Health:

HIPAA protects your health information that is kept by providers (doctors, clinics, hospitals, etc.), health plans (insurance companies, Medicaid), and a type of entity called a health care clearinghouse, which is often a business that does medical billing for providers so that they can submit proper claims to insurers. These are called Covered Entities. Your protected health information (PHI) is health information that is kept or created by a Covered Entity and can be used to identify you individually. 

The  HIPAA Privacy Rule requires Covered Entities and Business Associates not to disclose your PHI except in well-defined, limited circumstances. A Covered Entity must disclose your PHI to you or to a third party that you authorize to receive it. Other HIPAA-permitted disclosures include when your health providers need to discuss your health information with each other for treatment purposes or when your provider submits a claim to your insurance company. Sometimes, your health information must be disclosed because it is required by law or because it is the subject of a court order or subpoena.

The Privacy Rule also requires that Covered Entities keep any paper records private, to avoid unauthorized disclosure. This usually means that paper records are kept in a secure location such as a locked cabinet

The HIPAA Security Rule requires Covered Entities to keep your Protected Health Information secure. This means that electronic PHI (ePHI) should be stored only on encrypted, password protected devices. Exchange of your ePHI should only occur over networks with appropriate security safeguards (encryption, etc.) in place. 

How Can You Report a HIPAA violation?
If you believe PHI was disclosed in violation of HIPAA or if you believe that PHI has not been kept private and secure as required by HIPAA, you can file a complaint in ONE of the following ways: 

1.  Contact the Privacy Officer for the Covered Entity. All Covered Entities are required by HIPAA to appoint a person as the Privacy Officer. Their name and contact information should be posted on the Covered Entity's website and should be made available to you if you ask them for the information. The information is required to be part of the “Notice of Privacy Practices" that all patients receive.
2. File a Complaint with the U.S. Department of Health and Humans Services Office for Civil Rights (OCR)

A Mental Health Advance Directive (MHAD) is a legal document that allows a person with a mental illness to state their wishes and preferences in advance of a mental health crisis. A Maryland Mental Health Advance Directive was developed by a consortium representing the Maryland Department of Health, providers, and consumer and advocacy groups.

Learn More About the Maryland MHAD and Access the Form