|
Click
Here to see a list of previous articles
 |
HIPAA
and Public Health Reporting
|
The Centers for Disease
Control and US Department of Health and Human Services (DHHS) published
guidelines to help public health agencies and others interpret their responsibilities
under the Privacy Rule of the Health Insurance Portability and Accountability
Act of 1996 (HIPAA).
HIPAA regulations protect the privacy of certain individually identifiable
health data (protected health information [PHI]). Balancing the protection
of individual health information with the need to protect the public's
health, the Privacy Rule expressly allows disclosures without individual
authorization to public health officials as authorized by law to collect
or receive information for the purpose of preventing or controlling disease,
injury, or disability, including but not limited to public health surveillance,
investigation, and intervention.
PHI is individually identifiable health information that is transmitted
or maintained in any form or medium (e.g., electronic, paper, or oral).
It excludes certain educational records (FERPA) and employment records.
Elements of the Privacy Rule intend to:
| 1 |
limit the use and
release of health records; |
| 2 |
set safeguards for
most health care providers and others to protect the privacy of health
information; |
| 3
|
enable patients
to make informed choices based on how their health information may
be used; |
| 4 |
enable patients
to find out how their information may be used and what disclosures
of their information were made; |
| 5 |
generally limit
release of information to that needed for the purpose of the disclosure; |
| 6 |
generally give patients
the right to a copy of their record and request corrections; and |
| 7 |
enable persons to
control certain uses and disclosures. |
Public health practice,
including program operations, surveillance, evaluation, outbreak investigations,
direct services, and public health research, use PHI to identify, monitor,
and respond to disease, death, and disability. Public health authorities
traditionally preserve confidentiality and recognize the importance of
protecting privacy to maintain the integrity of health data.
DHHS recognized the importance of sharing PHI to achieve public health
objectives and to meet certain societal needs (e.g., law enforcement).
The Privacy Rule expressly permits PHI to be shared for specified public
health purposes.
(CDC and DHHS. MMWR 2003;52 (S1):1-12)
Comment: School nurses have had extensive
conversations about the implementation of HIPAA and FERPA. This outlines
the guidance that allows reporting infectious diseases, suspected child
abuse, and other public health-authorized information. Detailed information
about HIPPA Privacy: http://www.hhs.gov/ocr/hipaa/.
-J.O.
.
Contributed by: 
Previous Articles:
|
