Skip Navigation Links
Centers for Disease Control and Prevention
CDC
CDC CDC Home Search Health Topics A-Z
Contact Help Travelers Health n i p Home NIP header
Partners
NIP:
NIP HOME
First time visitor?
About NIP
Data and Statistics
International Efforts
Links to other web sites 
bullet Glossary/ Acronyms 

NIP sub-sites:
ACIP
Flu Vaccine
Immunization Registries
Vaccines for Children Program
CASA (Clinic Assessment Program)
AFIX (Grantee Assessment)
VACMAN
 

NIP Site Search
 
For Immunization Information, call the
CDC-INFO Contact Center:
English and Spanish
800-CDC-INFO
800-232-4636
TTY
888-232-6348

Get Acrobat Reader
Get Adobe Reader
Home Health Care Professionals Home Partners Home Media Home Informacion en Espanol Partners
 

Policies > HIPAA > FAQs
HIPAA
Health Insurance Portability & Accountability Act of 1996
Questions & Answer image
HIPAA and Perinatal Hepatits B Prevention
July 1, 2005

  At a Glance: This guidance is intended to give health care providers and public health agencies specific information regarding the HIPAA Privacy Rule and how it impacts perinatal hepatitis B prevention. Several frequently asked questions posed to the CDC legal counsel for interpretation are presented below. Additional sources of information and reference materials available on the internet are also included.  
   
Questions answered on this page:
  1. Does HIPAA permit providers, hospitals, and laboratories to report HBsAg-positive women to state and local health departments (including local health agencies and local boards of health) without the authorization of the individual, regardless of whether the state has a reporting law?
  2. Does HIPAA permit providers and hospitals to disclose patient information to state and local health departments ((including local health agencies and local boards of health) without the authorization of the individual, for perinatal case management (e.g. immunization, prophylaxis, and post vaccination serology)?
  3. Can patient records be reviewed by state and local health department staff and their contractual agents when conducting quality assurance activities (e.g. chart reviews to assess HBsAg screening rates and appropriate prophylaxis), case investigations and/or disease outbreak activities?
  4. Does the HIPAA Privacy Rule apply to Indian Health Services and tribal clinics?

  1. Does HIPAA permit providers, hospitals, and laboratories to report HBsAg-positive women to state and local health departments (including local health agencies and local boards of health) without the authorization of the individual, regardless of whether the state has a reporting law?

    Yes. Under 45 CFR §164.512(b)(1)(i) of the HIPAA Privacy Rule, covered entities may disclose protected health information without authorization to public health authorities that are authorized by law to collect such information for public health purposes. In addition, under 45 CFR §164.512(a), covered entities may disclose protected health information to public health authorities if the disclosure is required by law. A specific mandate to report is not required for disclosure. In states that do not have a law that specifically mandates the reporting of maternal HBsAg status, notifiable disease reporting laws mandate reporting of hepatitis B.

top Top

  1. Does HIPAA permit providers and hospitals to disclose patient information to state and local health departments ((including local health agencies and local boards of health) without the authorization of the individual, for perinatal case management (e.g. immunization, prophylaxis, and post vaccination serology)?

    Yes. Under 45 CFR §164.512(b)(1)(i) of the HIPAA Privacy Rule, covered entities may disclose protected health information without authorization to public health authorities that are authorized by law to collect such information for public health purposes including disease prevention or control.

top Top

  1. Can patient records be reviewed by state and local health department staff and their contractual agents when conducting quality assurance activities (e.g. chart reviews to assess HBsAg screening rates and appropriate prophylaxis), case investigations and/or disease outbreak activities?

    Yes. As explained above, under 45 CFR §164.512(b)(1)(i) of the HIPAA Privacy Rule, covered entities may disclose protected health information without authorization to public health authorities that are authorized by law to collect such information for public health purposes.

top Top

  1. Does the HIPAA Privacy Rule apply to Indian Health Services and tribal clinics?

    Yes. The HIPAA Privacy Rule governs the use and disclosure of protected health information by covered entities (health plans, clearinghouses, and providers who transmit specified transactions electronically). The definition of health plans (45 CFR §160.103) includes the Indian Health Service (IHS) and programs under the Indian Health Care Improvement Act, 25 U.S.C. 1601 et seq. (45 CFR 160.103(1)(xii)).

top Top


Resources

Office for Civil Rights (responsible for enforcing the Privacy Rule) website: (www.hhs.gov/ocr/hipaa)

CDC/DHHS guidance on the Privacy Rule and Public Health, available at http://www.cdc.gov/mmwr/pdf/other/m2e411.pdf

 

Return to HIPAA Policies page

Top Top of page


National Immunization Program (NIP)
NIP Home | Contact Us | Help | Glossary | About | Accessibility

This page last modified on July 1, 2005

   

Department of Health and Human Services
Centers for Disease Control and Prevention
CDC Home
  |  CDC Search  |  CDC Health Topics A-Z