Skip directly to local search Skip directly to A to Z list Skip directly to navigation Skip directly to site content Skip directly to page options
CDC Home

HIPAA Overview

The Health Insurance Portability and Accountability Act of 1996

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), familiarly known as HIPAA, established a national platform of consumer privacy protection and marketplace reform. Some key provisions include insurance reforms, privacy and security, administrative simplification, and cost savings.

What is the HIPAA Privacy Rule?

To implement HIPAA, the U.S. Department of Health and Human Services ("HHS") issued the "Standards for Privacy of Individually Identifiable Health Information" (the "Privacy Rule"), which established a set of national standards to address the use and disclosure of individuals' health information—called "protected health information" – by organizations subject to the Privacy Rule—called "covered entities" – as well as standards for individuals' privacy rights to understand and control how their health information is used.

Implications for Public Health

The Privacy Rule strikes a balance between protecting patient information and allowing traditional public health activities to continue. Generally, disclosure of protected health information without the authorization of the individual is permitted for purposes including but not limited to:

  1. disclosures required by law (45 CFR § 164.512(a)) or
  2. for "public health activities and purposes." This includes disclosure to "a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including but not limited to, the reporting of disease, injury, vital events..., and the conduct of public health surveillance,... investigations, and... interventions." (45 CFR § 164.512(b)(i))

Definition of Public Health Authority

Defined as "an agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandates." (45 CFR § 164.501)

HIPAA and Vaccine Administration

For More Information


Top of Page


Images and logos on this website which are trademarked/copyrighted or used with permission of the trademark/copyright or logo holder are not in the public domain. These images and logos have been licensed for or used with permission in the materials provided on this website. The materials in the form presented on this website may be used without seeking further permission. Any other use of trademarked/copyrighted images or logos requires permission from the trademark/copyright holder...more

External Web Site Policy This graphic notice means that you are leaving an HHS Web site. For more information, please see the Exit Notification and Disclaimer policy.

Contact Us:
  • Centers for Disease Control and Prevention
    1600 Clifton Rd
    Atlanta, GA 30333
  • 800-CDC-INFO
    TTY: (888) 232-6348
    Contact CDC-INFO The U.S. Government's Official Web PortalDepartment of Health and Human Services
Centers for Disease Control and Prevention   1600 Clifton Road Atlanta, GA 30329-4027, USA
800-CDC-INFO (800-232-4636) TTY: (888) 232-6348 - Contact CDC–INFO
A-Z Index
  1. A
  2. B
  3. C
  4. D
  5. E
  6. F
  7. G
  8. H
  9. I
  10. J
  11. K
  12. L
  13. M
  14. N
  15. O
  16. P
  17. Q
  18. R
  19. S
  20. T
  21. U
  22. V
  23. W
  24. X
  25. Y
  26. Z
  27. #