How does HIPAA affect public health reporting?
Since the Health Insurance Portability and Accountability Act (HIPAA) privacy rule was put into effect in April 2003, healthcare providers have sometimes been confused about what information they can legally disclose to public health agencies. The HIPAA is intended to protect the public from unauthorized access to, use of, and disclosure of individually identifiable health information. Specifically excluded from the requirement for individual authorization are disclosures for public health activities, as long as the agency to which the information is provided is legally authorized to collect and receive the information. A clear understanding of permissible disclosure will enable family physicians to continue their important role of providing individual patient information for the critical activities of disease surveillance, outbreak investigation, monitoring causes of death and birth complications, assuring health care services, conducting public health research, and formulating health policy. Several scenarios are provided, demonstrating the appropriate response regarding HIPAA and whether unauthorized disclosure is permitted.