Skip Navigation Links
Centers for Disease Control and Prevention
CDC CDC Home Search Health Topics A-Z
Contact Help Travelers Health n i p Home NIP header
First time visitor?
About NIP
Data and Statistics
International Efforts
Links to other web sites 
bullet Glossary/ Acronyms 

NIP sub-sites:
Flu Vaccine
Immunization Registries
Vaccines for Children Program
CASA (Clinic Assessment Program)
AFIX (Grantee Assessment)

NIP Site Search
For Immunization Information, call the
CDC-INFO Contact Center:
English and Spanish

Get Acrobat Reader
Get Adobe Reader
Home Health Care Professionals Home Partners Home Media Home Informacion en Espanol Partners

Policies > HIPAA > Factsheet
Health Insurance Portability & Accountability Act of 1996
August 11, 2003

Contents of this page:

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) established a national floor of consumer privacy protection and marketplace reform. Some key provisions include: insurance reforms, privacy and security, administrative simplification, and cost savings.

What is the HIPAA Privacy Rule?

HIPAA required Congress to enact privacy legislation by August 1999 or the Secretary of DHHS was to develop regulations protecting privacy. The HIPAA Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) sets national minimal standards for protected health information.

top Top

Implications for Public Health

The Privacy Rule strikes a balance between protecting patient information and allowing traditional public health activities to continue. Disclosure of patient health information without the authorization of the individual is permitted for purposes including but not limited to

  1. disclosures required by law (45 CFR § 164.512(a)) or
  2. for “public health activities and purposes.” This includes disclosure to “a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including but not limited to, the reporting of disease, injury, vital events..., and the conduct of public health surveillance,... investigations, and... interventions.” (45 CFR § 164.512(b)(i))

Definition of Public Health Authority

Defined as “an agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandates.” (45 CFR § 164.501)

Return to HIPAA Policies page

Top Top of page

National Immunization Program (NIP)
NIP Home | Contact Us | Help | Glossary | About | Accessibility

This page last modified on August 12, 2003


Department of Health and Human Services
Centers for Disease Control and Prevention
CDC Home
  |  CDC Search  |  CDC Health Topics A-Z