HIPAA and Public Health Reporting
 
The Centers for Disease Control and US Department of Health and Human Services (DHHS) published guidelines to help public health agencies and others interpret their responsibilities under the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

HIPAA regulations protect the privacy of certain individually identifiable health data (protected health information [PHI]). Balancing the protection of individual health information with the need to protect the public's health, the Privacy Rule expressly allows disclosures without individual authorization to public health officials as authorized by law to collect or receive information for the purpose of preventing or controlling disease, injury, or disability, including but not limited to public health surveillance, investigation, and intervention.

PHI is individually identifiable health information that is transmitted or maintained in any form or medium (e.g., electronic, paper, or oral). It excludes certain educational records (FERPA) and employment records. Elements of the Privacy Rule are intended to:
  1. limit the use and release of health records;
  2. set safeguards for most health care providers and others to protect the privacy of health information;
  3. enable patients to make informed choices based on how their health information may be used;
  4. enable patients to find out how their information may be used and what disclosures of their information were made;
  5. generally limit release of information to that needed for the purpose of the disclosure;
  6. generally give patients the right to a copy of their record and request corrections; and
  7. enable persons to control certain uses and disclosures.

Public health practice, including program operations, surveillance, evaluation, outbreak investigations, direct services, and public health research, uses PHI to identify, monitor, and respond to disease, death, and disability. Public health authorities traditionally preserve confidentiality and recognize the importance of protecting privacy to maintain the integrity of health data.

DHHS recognized the importance of sharing PHI to achieve public health objectives and to meet certain societal needs (e.g., law enforcement). The Privacy Rule expressly permits PHI to be shared for specified public health purposes.

(CDC and DHHS. MMWR 2003;52 (S1):1-12)

Comment: School nurses have had extensive conversations about the implementation of HIPAA and FERPA. This outlines the guidance that allows reporting infectious diseases, suspected child abuse, and other public health-authorized information. Detailed information about HIPAA Privacy: http://www.hhs.gov/ocr/hipaa/. -J.O.

 

 
     
     
     
All Rights Reserved ©Copyright 1999, 2000 ®School Health Alert