HIPAA, Health Information Exchanges, and Disclosures of Protected Health Information for Public Health Purposes

HIPAA, Health Information Exchanges, and Disclosures of Protected Health Information for Public Health Purposes
Public Health
https://www.hhs.gov/hipaa/for-professionals/special-topics/public-health/index.html

45 CFR 164.512(b)  (Download a copy in PDF – PDF)

Background
The HIPAA Privacy Rule recognizes the legitimate need for public health authorities and others responsible for ensuring public health and safety to have access to protected health information to carry out their public health mission. The Rule also recognizes that public health reports made by covered entities are an important means of identifying threats to the health and safety of the public at large, as well as individuals. Accordingly, the Rule permits covered entities to disclose protected health information without authorization for specified public health purposes.  In addition, if a covered entity engages a business associate to assist in a specified public health activity, the business associate’s written agreement with the covered entity should identify these activities, and the business associate may make the disclosure for public health reasons in accordance with its written agreement.

New – OCR Issues Guidance on HIPAA, Health Information Exchanges, and Disclosures of Protected Health Information for Public Health Purposes

OCR has issued guidance on how the Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits covered entities and their business associates to use health information exchanges (HIEs) to disclose protected health information (PHI) for the public health activities of a public health authority (PHA). The guidance provides examples relevant to the COVID-19 public health emergency on how HIPAA permits covered entities and their business associates to disclose PHI to an HIE for reporting to a PHA conducting public health activities.

* People using assistive technology may not be able to fully access information in this file. For assistance, contact the HHS Office for Civil Rights at (800) 368-1019, TDD toll-free: (800) 537-7697, or by emailing OCRMail@hhs.gov.

How the Rule Works

General Public Health Activities. The Privacy Rule permits covered entities to disclose protected health information, without authorization, to public health authorities who are legally authorized to receive such reports for the purpose of preventing or controlling disease, injury, or disability. This would include, for example, the reporting of a disease or injury; reporting vital events, such as births or deaths; and conducting public health surveillance, investigations, or interventions. See 45 CFR 164.512(b)(1)(i). Also, covered entities may, at the direction of a public health authority, disclose protected health information to a foreign government agency that is acting in collaboration with a public health authority. See 45 CFR 164.512(b)(1)(i). Covered entities who are also a public health authority may use, as well as disclose, protected health information for these public health purposes. See 45 CFR 164.512(b)(2).

A “public health authority” is an agency or authority of the United States government, a State, a territory, a political subdivision of a State or territory, or Indian tribe that is responsible for public health matters as part of its official mandate, as well as a person or entity acting under a grant of authority from, or under a contract with, a public health agency. See 45 CFR 164.501. Examples of a public health authority include State and local health departments, the Food and Drug Administration (FDA), the Centers for Disease Control and Prevention, and the Occupational Safety and Health Administration (OSHA). Generally, covered entities are required reasonably to limit the protected health information disclosed for public health purposes to the minimum amount necessary to accomplish the public health purpose. However, covered entities are not required to make a minimum necessary determination for public health disclosures that are made pursuant to an individual’s authorization, or for disclosures that are required by other law. See 45 CFR 164.502(b).

For disclosures to a public health authority, covered entities may reasonably rely on a minimum necessary determination made by the public health authority in requesting the protected health information. See 45 CFR 164.514(d)(3)(iii)(A). For routine and recurring public health disclosures, covered entities may develop standard protocols, as part of their minimum necessary policies and procedures, that address the types and amount of protected health information that may be disclosed for such purposes. See 45 CFR 164.514(d)(3)(i).

Other Public Health Activities. The Privacy Rule recognizes the important role that persons or entities other than public health authorities play in certain essential public health activities. Accordingly, the Rule permits covered entities to disclose protected health information, without authorization, to such persons or entities for the public health activities discussed below.

  • Child abuse or neglect. Covered entities may disclose protected health information to report known or suspected child abuse or neglect, if the report is made to a public health authority or other appropriate government authority that is authorized by law to receive such reports. For instance, the social services department of a local government might have legal authority to receive reports of child abuse or neglect, in which case, the Privacy Rule would permit a covered entity to report such cases to that authority without obtaining individual authorization. Likewise, a covered entity could report such cases to the police department when the police department is authorized by law to receive such reports. See 45 CFR 164.512(b)(1)(ii). See also 45 CFR 512(c) for information regarding disclosures about adult victims of abuse, neglect, or domestic violence.
  • Quality, safety or effectiveness of a product or activity regulated by the FDA. Covered entities may disclose protected health information to a person subject to FDA jurisdiction, for public health purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity for which that person has responsibility. Examples of purposes or activities for which such disclosures may be made include, but are not limited to:
    • Collecting or reporting adverse events (including similar reports regarding food and dietary supplements), product defects or problems (including problems regarding use or labeling), or biological product deviations;
    • Tracking FDA-regulated products;
    • Enabling product recalls, repairs, replacement or lookback (which includes locating and notifying individuals who received recalled or withdrawn products or products that are the subject of lookback); and
    • Conducting post-marketing surveillance.  See 45 CFR 164.512(b)(1)(iii). The “person” subject to the jurisdiction of the FDA does not have to be a specific individual. Rather, it can be an individual or an entity, such as a partnership, corporation, or association. Covered entities may identify the party or parties responsible for an FDA-regulated product from the product label, from written material that accompanies the product (know as labeling), or from sources of labeling, such as the Physician’s Desk Reference.
  • Persons at risk of contracting or spreading a disease. A covered entity may disclose protected health information to a person who is at risk of contracting or spreading a disease or condition if other law authorizes the covered entity to notify such individuals as necessary to carry out public health interventions or investigations. For example, a covered health care provider may disclose protected health information as needed to notify a person that (s)he has been exposed to a communicable disease if the covered entity is legally authorized to do so to prevent or control the spread of the disease. See 45 CFR 164.512(b)(1)(iv).
  • Workplace medical surveillance. A covered health care provider who provides a health care service to an individual at the request of the individual’s employer, or provides the service in the capacity of a member of the employer’s workforce, may disclose the individual’s protected health information to the employer for the purposes of workplace medical surveillance or the evaluation of work-related illness and injuries to the extent the employer needs that information to comply with OSHA, the Mine Safety and Health Administration (MSHA), or the requirements of State laws having a similar purpose. The information disclosed must be limited to the provider’s findings regarding such medical surveillance or work-related illness or injury. The covered health care provider must provide the individual with written notice that the information will be disclosed to his or her employer (or the notice may be posted at the worksite if that is where the service is provided). See 45 CFR 164.512(b)(1)(v).

OCR HIPAA Privacy
December 3, 2002 Revised April 3, 2003

Posted in Breaking News

About the Author
Stew Webb served in the United States Marine Corps and was Honorable Discharge. Stew was a Realtor-General Contractor-Home Builder until 3 car crashes in 2010-2011 (attempted murders see picture my Van on concrete barrier below Breaking News column) and is now disabled. Stew turned Federal Whistle blower - Activist of 39 years and has been a guest on over 4,000 Radio and TV Programs since September 18, 1991 and now has his own Radio Network http://www.stewwebb.com .Stew was responsible for the Congressional Investigations and Hearings that lead to the Appointment of Independent Prosecutor Arlin Adams in the 1989 HUD Hearings, the Silverado Savings and Loan Hearings Neil Bush Director, the Denver International Airport Frauds Hearings, the MDC Holdings, Inc. (MDC-NYSE) Illegal Political Campaign Money Laundering Colorado’s biggest case aka Keating 5 Hearings and the information provided that lead to the 2008 Illegal Bank Bailout. Stew was held as a Political Prisoner from 1992-1993 to silence his exposure by Leonard Millman his former in law with illegal charges of threatening harassing telephone calls charges which were dismissed with prejudice. Leonard Millman, George HW Bush, George W Bush, Jeb Bush, Neil Bush, Bill Clinton, Hillary Clinton, Larry Mizel, Phil Winn, Norman Brownstein, John McCain and Mitt Romney to name a few are all partners in what is known as the Bush - Millman - Clinton Organized Crime Syndicate. Leonard Millman (Deceased 2004) was member of the "Illuminati Council of 13". Larry Mizel is now in control of this Organized Crime Syndicate RICO. I have contributed to the following books: * “Defrauding America”, by Rodney Stitch * "Drugging America", by Rodney Stitch * “The Mafia, CIA and George Bush” by Pete Brewton * “The Oklahoma City Bombing Power of Politics”, by David Hoffman * “Bushwacked” by Uri Dowbenko * “Silverado Savings and Loan” by Steve Wilmsen * “Drugging America” by Rodney Stitch * I was instrumental in brokering a deal that has lead to Al Martin’s new book “The Conspirators”, www.almartinraw.com I have known Al since 1991, when I had to hide from the FBI who tried to jail me for exposing,“The Bush Crime Family-Denver Connection-King Pin Leonard Millman”, my former-father-in-law. @@@@@ (Your kind and generous contributions are much appreciated and needed, Please copy and paste the link below into your browser to contribute today thank you Stew Webb. https://www.paypal.com/paypalme/SWebb822 Contributions by mail: Stew Webb federalwhistleblower@gmail.com Phone: 785-213-0160)

flagususmcflag

Contact Stew Webb

785-213-0160

federalwhistleblower@gmail.com

http://www.stewwebb.com/contact/

I Stew Webb have contributed to the following Books

http://www.stewwebb.com/books/

Current Radio Programs

http://www.stewwebb.com/stew-webb-radio-4-2/

Charlene Renee More Breaking News 2100 Show

https://www.2100show.com






“NEW”
Stew Webb Whistle blower Chronicles Video


October 25, 2010 Attempted murder of Stew Webb by 2 goons working for FBI JTFG Joint Task Force Group Kansas City, Missouri, Click on the picture to see additional information and pictures.

I am on social security disability because of 3 car crashes,  2 were attempted murder of me.

Click on the picture below and read the Private Investigators report Grandview, Missouri Police covered up for the FBI with a false report.  This broke every vertebra in my neck.–Stew Webb

Attempted Murder of Stew Webb

Grandview, Missouri Police Obstruct Justice and tried to Cover up the car crash by FBI Stooges and Killers.

SEE: PROOF (Exhibits 1-22)

Stew Webb December 3, 2023 my story how I became a US Whistle blower

Copy and Paste the like below in your browser:

http://www.stewwebb.com/2024/02/07/stew-webb-december-3-2023-my-story-how-i-became-a-us-whistle-blower/

 

StewWebb-USMC-1971

 

Chatty Gargoyle at Denver International Airport


Larry Mizel and the Pro Jewish Mafia

Breaking News

Archives