Category: Public Health Uses and Disclosures

In general, and as explained below, the Privacy Rule permits a covered health care provider (covered provider), without the individual’s written authorization, to disclose protected health information to a medical device company representative (medical device company)

In general, and as explained below, the Privacy Rule permits a covered health care provider (covered provider), without the individual’s written authorization, to disclose protected health information to a medical device company representative (medical device company)

In general, and as explained below, the Privacy Rule permits a covered health care provider (covered provider), without the individual’s written authorization, to disclose protected health information to a medical device company representative (medical device company)

A covered entity may enter into a business associate agreement with the public health authority for the sole purpose of creating a limited data set, even if the same public health authority is also the intended recipient of the information (45 CFR 164.514(e)(3)(ii)).

A covered entity may enter into a business associate agreement with the public health authority for the sole purpose of creating a limited data set, even if the same public health authority is also the intended recipient of the information (45 CFR 164.514(e)(3)(ii)).

A covered entity may enter into a business associate agreement with the public health authority for the sole purpose of creating a limited data set, even if the same public health authority is also the intended recipient of the information (45 CFR 164.514(e)(3)(ii)).

A covered entity may enter into a business associate agreement with the public health authority for the sole purpose of creating a limited data set, even if the same public health authority is also the intended recipient of the information (45 CFR 164.514(e)(3)(ii)).

A covered entity may enter into a business associate agreement with the public health authority for the sole purpose of creating a limited data set, even if the same public health authority is also the intended recipient of the information (45 CFR 164.514(e)(3)(ii)).

A covered entity may enter into a business associate agreement with the public health authority for the sole purpose of creating a limited data set, even if the same public health authority is also the intended recipient of the information (45 CFR 164.514(e)(3)(ii)).

Yes, The Rule recognizes that various agencies and public officials will need protected health information to deal effectively with a bioterrorism threat or emergency.

Yes, The Rule recognizes that various agencies and public officials will need protected health information to deal effectively with a bioterrorism threat or emergency.

Covered entities may identify persons responsible for an FDA-regulated product by using the product label, the literature that accompanies the product, or other sources of labeling, such as the Physician’s Desk Reference.

The public health provision permits covered health care providers to disclose an individual's protected health information to the individual’s employer without authorization in very limited circumstances.

No. The public health provision is intended to facilitate the flow of information that is essential to the FDA’s public health mission.

The definition of a “public health authority” requires that an agency’s official mandate include the responsibility for public health matters.

No. All States have laws that require providers to report cases of specific diseases to public health officials. The HIPAA Privacy Rule permits disclosures that are required by law.

No. All States have laws that require providers to report cases of specific diseases to public health officials. The HIPAA Privacy Rule permits disclosures that are required by law.

The public health provision permits covered health care providers to disclose an individual's protected health information to the individual’s employer without authorization in very limited circumstances.

No. The public health provision is intended to facilitate the flow of information that is essential to the FDA’s public health mission.

Covered entities may identify persons responsible for an FDA-regulated product by using the product label, the literature that accompanies the product, or other sources of labeling, such as the Physician’s Desk Reference.

The definition of a “public health authority” requires that an agency’s official mandate include the responsibility for public health matters.

The Privacy Rule does not require a notation in each medical record that has been accessed by public health authorities, as long as the information required under the Privacy Rule is included in the accounting for disclosures.

The Privacy Rule does not require a notation in each medical record that has been accessed by public health authorities, as long as the information required under the Privacy Rule is included in the accounting for disclosures.

A covered entity is not required to provide an accounting for a disclosure where the only information disclosed is in the form of a limited data set, and the covered entity has a data use agreement with the public health authority receiving the information.

A covered entity is not required to provide an accounting for a disclosure where the only information disclosed is in the form of a limited data set, and the covered entity has a data use agreement with the public health authority receiving the information.

A covered entity is not required to provide an accounting for a disclosure where the only information disclosed is in the form of a limited data set, and the covered entity has a data use agreement with the public health authority receiving the information.

Yes. In most instances when a covered entity makes an adverse event report to a person responsible for an FDA-regulated product, the covered entity will suspect, but not know, the product is the cause of the event.

Yes. The HIPAA Privacy Rule permits covered entities to disclose the amount and type of protected health information that is needed for public health purposes.

No. The Privacy Rule’s public health provision permits, but does not require, covered entities to make such disclosures. This provision is intended to allow covered entities to continue current voluntary reporting practices that are critically important to public health and safety. The Rule also permits covered entities to disclose protected health information when State or other law requires covered entities to make disclosures for public health purposes.

Yes. In most instances when a covered entity makes an adverse event report to a person responsible for an FDA-regulated product, the covered entity will suspect, but not know, the product is the cause of the event.

Yes. The HIPAA Privacy Rule permits covered entities to disclose the amount and type of protected health information that is needed for public health purposes.

No. The Privacy Rule’s public health provision permits, but does not require, covered entities to make such disclosures. This provision is intended to allow covered entities to continue current voluntary reporting practices that are critically important to public health and safety. The Rule also permits covered entities to disclose protected health information when State or other law requires covered entities to make disclosures for public health purposes.

Yes. In most instances when a covered entity makes an adverse event report to a person responsible for an FDA-regulated product, the covered entity will suspect, but not know, the product is the cause of the event.

Yes. The HIPAA Privacy Rule permits covered entities to disclose the amount and type of protected health information that is needed for public health purposes.

No. The Privacy Rule’s public health provision permits, but does not require, covered entities to make such disclosures. This provision is intended to allow covered entities to continue current voluntary reporting practices that are critically important to public health and safety. The Rule also permits covered entities to disclose protected health information when State or other law requires covered entities to make disclosures for public health purposes.