Re: |
Public
Health Implications of the Health Insurance Portability
and Accountability Act (HIPAA) Privacy Rule |
Dear Colleague:
The Health Insurance
Portability and Accountability Act (HIPAA) Privacy Rule
has been in effect since April 14, 2003. The intent
of HIPAA is to establish national standards for consumer
privacy protection and insurance market reform. Initially,
a lack of information and misinterpretation of some
HIPAA provisions had a negative impact on the conduct
of some time-honored public health activities. In some
instances, confusion about the intent and implementation
of the rules resulted in health
care providers refusing access by public health officials
to patient records for immunization assessment
and surveillance purposes. The National Immunization
Program (NIP) of the Centers for Disease Control and
Prevention (CDC) recognizes that providers are concerned
about compliance, and they need clear and accurate information
about the practical application of the HIPAA Privacy
Rule on public health practices.
NIP has worked closely
with Health and Human Services (HHS) Office for Civil
Rights, which is the lead agency for interpreting and
enforcing HIPAA, and the CDC legal counsel to clarify
public health provisions of the Privacy Rule and to
disseminate information to our partners at the state
and local
levels. In August 2003, NIP sent the first of a series
of guidance statements to Immunization Program Managers
and State Epidemiologists in response to states’
requests for clarification regarding access to patient
records to conduct VFC and AFIX site visits. The mailing
included a one-page HIPAA and Public Health Fact Sheet
that provided a brief summary of HIPAA and Privacy Rule
definitions, and HIPAA and Public Health Site Visits:
Access to Patient Records during AFIX and VFC Visits,
a short document containing responses to specific questions
asked by the states regarding disclosure of patient
health information without prior authorization during
VFC and AFIX provider site visits. The CDC Office of
General Counsel, which provides legal advice for CDC
programs on issues such as implementation of HIPAA,
prepared the responses to these questions. These materials
have been very effective in addressing providers’
concerns about HIPAA and facilitating traditional public
health practice.
Almost two years after
the effective date of the Privacy Rule, several states
have requested written materials clarifying other questions
and concerns about HIPAA. Enclosed is the second in
the series of guidance statements, HIPAA and Perinatal
Hepatits B Prevention. The original HIPAA and Public
Health Fact Sheet is also enclosed. Additional information
is available on the Office for Civil Rights website
at http://www.hhs.gov/ocr/hipaa
and in the MMWR, HIPAA Privacy Rule and Public Health:
http://www.cdc.gov/mmwr/pdf/other/m2e411.pdf.
We hope you will find this information helpful as you
educate your provider groups and work with your respective
legal offices on HIPAA issues.
Attachment
(HIPAA
Factsheet)
(FAQs
about HIPAA and Perinatal Hepatits B Prevention)
| cc: |
President,
Association of State and Territorial Health Officials
President,
Association of Immunization Managers
President, Council of State and Territorial Epidemiologists |
Sincerely,
Stephen
L. Cochi, M.D., MPH
Acting
Director
National
Immunization Program
|
