Skip Navigation Links
Centers for Disease Control and Prevention
CDC CDC Home Search Health Topics A-Z
Contact Help Travelers Health n i p Home NIP header
First time visitor?
About NIP
Data and Statistics
International Efforts
Links to other web sites 
bullet Glossary/ Acronyms 

NIP sub-sites:
Flu Vaccine
Immunization Registries
Vaccines for Children Program
CASA (Clinic Assessment Program)
AFIX (Grantee Assessment)

NIP Site Search
For Immunization Information, call the
CDC-INFO Contact Center:
English and Spanish

Get Acrobat Reader
Get Adobe Reader
Home Health Care Professionals Home Partners Home Media Home Informacion en Espanol Partners

Policies > HIPAA > Factsheet
Health Insurance Portability & Accountability Act of 1996
August 11, 2003

 CDC, National Immunization Program


August 11, 2003
Director, National Immunization Program
Public Health Implications of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
Immunization Program Managers
State Epidemiologists

Dear Colleague:

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which went into effect April 14, 2003, is having unintended consequences on some of the core functions of public health. The intent of HIPAA is to establish national standards for consumer privacy protection and insurance market reform. Unfortunately, a lack of information and misinterpretation of some HIPAA provisions has begun to hamper the conduct of time-honored public health activities. In some instances, confusion about the intent and implementation of the rules has resulted in health care providers refusing public health officials access to patient records for immunization assessment and surveillance purposes. We recognize that providers are concerned about compliance and they need clear and accurate information about the practical application of the HIPAA Privacy Rule on public health practices.

The National Immunization Program (NIP) of the Centers for Disease Control and Prevention (CDC) is working closely with Health and Human Services (HHS) Office for Civil Rights, which is the lead agency for interpreting and enforcing HIPAA, and the CDC legal counsel to clarify public health provisions of the Privacy Rule and disseminate information to our partners at the state and local levels. Due to the complexity of the HIPAA Privacy Rule, NIP plans to develop periodic advisories regarding policy issues and interpretation of confidentiality provisions that may affect public health activities. Some principal areas on which states have requested clarification deal with access to patient records to conduct VFC and AFIX site visits, participation in immunization registries, and disease surveillance and epidemiologic follow-up as part of outbreak investigation.

The first of a series of HIPAA guidance statements is attached with this mailing. The one page “HIPAA and Public Health Factsheet” provides a brief summary of HIPAA and Privacy Rule definitions. The “HIPAA and Public Health Site Visits: Access to Patient Records during AFIX and VFC Visits” provides responses to specific questions asked by the states regarding disclosure of patient health information without prior authorization during VFC and AFIX provider site visits. The responses to these questions were prepared by the CDC Office of General Counsel, which provides legal advice for CDC programs on issues such as implementation of HIPAA. Additional information is available on the Office for Civil Rights website at and in the MMWR, HIPAA Privacy Rule and Public Health (printable version is available at

We hope you will find this information helpful as you educate your provider groups and work with your respective legal offices on HIPAA issues. We are encouraged that all of the written and oral questions NIP has submitted to HHS about the impact of HIPAA on immunization activities have affirmed NIP’s position that state and local health agencies may continue to carry out routine public health activities while remaining in full compliance with HIPAA.

     (HIPAA Factsheet)
FAQs about HIPAA and AFIX & VFC)

cc: Chair, Association of State and Territorial Health Officials
Chair, Association of Immunization Managers


Walter Orenstein's signature

Walter A. Orenstein, M.D.

Assistant Surgeon General


National Immunization Program

Return to HIPAA Policies page

Top Top of page

National Immunization Program (NIP)
NIP Home | Contact Us | Help | Glossary | About | Accessibility

This page last modified on August 12, 2003


Department of Health and Human Services
Centers for Disease Control and Prevention
CDC Home
  |  CDC Search  |  CDC Health Topics A-Z