Skip directly to search Skip directly to A to Z list Skip directly to navigation Skip directly to site content Skip directly to page options
CDC Home

HIPAA, Privacy & Confidentiality

Health Insurance Portability and Accountability Act of 1996

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule seeks to protect individually identifiable health information from uses and disclosures that may unnecessarily compromise a person’s privacy. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities, but balances that protection with permitting the disclosure of personal health information needed for patient care and other important purposes.

The Privacy Rule applies to health plans, health care clearinghouses, and any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of Health and Human Services has adopted standards under HIPAA (defined as “covered entities”). Many organizations that use, collect, access, and disclose individually identifiable health information will not be covered entities under the rule, and thus will not have to comply with the Privacy Rule. In the realm of emergency response, HIPAA can create an environment in which the aging services providers and other organizations may have concerns about sharing the names of older adults who might require assistance. Local and state agencies and organizations should understand how HIPAA may impact planning and response efforts.

Guidance Memorandum to Administration on Aging

Only covered entities are subject to HIPAA’s controls. Organizations must first determine whether they qualify as a covered entity under the Rule. The U.S. Department of Health and Human Services released a guidance memo [PDF–177K] explaining that programs operating under the Older Americans Act do not meet the criteria for a covered entity as a health plan, but may meet the criteria for a health care provider, and may collect the type of personal health information covered under the Rule. Some aging programs, therefore, may be subject to HIPAA’s privacy rules.

Disclosures for Emergency Preparedness

The U.S. Department of Health and Human Services has created a decision tool to assist entities in determining how the Privacy Rule applies to certain disclosures within the realm of emergency preparedness, planning, and response.

Related Links



ABC Widget Emergency Preparedness Resources for At-Risk Older Adults. www.PHE.govShare this Widget


Contact Us:
  • Centers for Disease Control and Prevention
    Healthy Aging Program
    4770 Buford Highway, N.E., Mailstop F-78
    Atlanta, GA 30341-3717
  • 800-CDC-INFO
    TTY: (888) 232-6348
    Closed Holidays
  • Contact CDC-INFO The U.S. Government's Official Web PortalDepartment of Health and Human Services
Centers for Disease Control and Prevention   1600 Clifton Rd. Atlanta, GA 30329-4027, USA
800-CDC-INFO (800-232-4636) TTY: (888) 232-6348 - Contact CDC-INFO