Centers for Disease Control and Prevention
 CDC Home Search Health Topics A-Z

Centers for Disease Control and Prevention
About CDC Announcements Funding Opportunities Publications Contact Us

U.S. Department of Health and Human Services

 

Contents
Summary
Introduction
Overview of the Privacy Rule
The Privacy Rule and Public Health
The Privacy Rule and Public Health Research
The Privacy Rule and Other Laws
Online Resources
Acknowledgments
References
Appendix A
Appendix B
   
Privacy Rule Home
Guidance for Public Health
HIPAA Basic Facts
FAQs              
Privacy Rule Reading Room
Privacy Rule Links
Public Health Grand Rounds: HIPAA Privacy Rule

HIPAA Privacy Rule and Public Health

Guidance from CDC and the U.S. Department of Health and Human Services

MMWR, Volume 52, Early Release

The material in this report originated in the Epidemiology Program Office, Stephen B. Thacker, M.D., M.Sc., Director.

Summary

New national health information privacy standards have been issued by the U.S. Department of Health and Human Services (DHHS), pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The new regulations provide protection for the privacy of certain individually identifiable health data, referred to as protected health information (PHI). Balancing the protection of individual health information with the need to protect public health, the Privacy Rule expressly permits disclosures without individual authorization to public health authorities authorized by law to collect or receive the information for the purpose of preventing or controlling disease, injury, or disability, including but not limited to public health surveillance, investigation, and intervention.

Public health practice often requires the acquisition, use, and exchange of PHI to perform public health activities (e.g., public health surveillance, program evaluation, terrorism preparedness, outbreak investigations, direct health services, and public health research). Such information enables public health authorities to implement mandated activities (e.g., identifying, monitoring, and responding to death, disease, and disability among populations) and accomplish public health objectives. Public health authorities have a long history of respecting the confidentiality of PHI, and the majority of states as well as the federal government have laws that govern the use of, and serve to protect, identifiable information collected by public health authorities.

The purpose of this report is to help public health agencies and others understand and interpret their responsibilities under the Privacy Rule. Elsewhere, comprehensive DHHS guidance is located at the HIPAA website of the Office for Civil Rights (http://www.hhs.gov/ocr/hipaa/).

 


Accessibility | Privacy Policy Notice | FOIA | Information Quality

About CDC | Announcements | Funding Opportunities | Publications | Contact Us

CDC Home | Search | Health Topics A-Z

This page last reviewed April 18, 2003.

United States Department of Health and Human Services
Centers for Disease Control and Prevention