By Lucia Savage, J.D./ Chief Privacy Officer , and
Matthew Penn/ Director, Public Health Law Program, CDC
Twitter:Â @ONC_HealthIT
Electronic health records provide structured clinical data that help public health workers track, mitigate, and eliminate disease. They also offer us the opportunity to improve health across the country and address public health crises such as Zika, Ebola, lead poisoning, and natural disasters.
Many Americans have not taken full advantage of electronic health record data, perhaps because of confusion about how the Health Insurance Portability and Accountability Act (HIPAA) interacts with and supports the exchange of electronic health information for the purposes of public health. To address this confusion, the US Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) and Office of Civil Rights (OCR) have published a new fact sheet explaining how providers are permitted to share electronic protected health information (PHI) with public health agencies without obtaining an individual’s written authorization.
ONC has highlighted the many circumstances in which HIPAA supports electronic exchange of PHI for treatment and specific kinds of health care operations. The new fact sheet provides examples about how HIPAA supports the electronic exchange of information, including contagious disease tracking, provider participation in cancer registries, and monitoring the health of children who have experienced lead poisoning. These are only some of the examples of permitted disclosures in support of public health activities included in HIPAA regulation 45 CFR 164.512(b) (although it is important to note that all of these permitted disclosures are subject to the minimum necessary rules).
Public health activities described in the new fact sheet include:
- Collecting protected health information to monitor, prevent, and track disease and vital statistics such as birth and death records; engaging in public health interventions; and other responsibilities of authorized federal, state, or local public health agencies
- Collecting information about the health of children who have experienced lead poisoning and tracking their neurological development over time
- Supporting the notification of people who may have been exposed to a communicable disease that the public health department is tracking
- Enabling employers to meet health safety reporting requirements
- Participating in state-sponsored cancer registries
In addition to protecting patients from improper disclosures of their private health information, HIPAA is also a crucial tool that ensures information can flow to support public health activities.
View the new fact sheet, as well as ONC’s blog series to learn more about this critical aspect of the HIPAA regulations.
This article was originally published on the Health IT Buzz and is syndicated here with permission.