What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) established a national floor of consumer privacy protection and marketplace reform. Some key provisions include: insurance reforms, privacy and security, administrative simplification, and cost savings.
What is the HIPAA Privacy Rule?
HIPAA required Congress to enact privacy legislation by August 1999 or the Secretary of DHHS was to develop regulations protecting privacy. The HIPAA Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) sets national minimal standards for protected health information.
Implications for Public Health
The Privacy Rule strikes a balance between protecting patient information and allowing traditional public health activities to continue. Disclosure of patient health information without the authorization of the individual is permitted for purposes including but not limited to:
- disclosures required by law (45 CFR § 164.512(a)) or
- for “public health activities and purposes.” This includes disclosure to “a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including but not limited to, the reporting of disease, injury, vital events..., and the conduct of public health surveillance,... investigations, and... interventions.” (45 CFR § 164.512(b)(i))
Definition of Public Health Authority
Defined as “an agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandates.” (45 CFR § 164.501)