23
Privacy & Confidentiality
•Federal law
•
•HIPAA (Health Insurance Portability and Accountability Act of 1996)
•
•HIPAA Privacy Rule (45 CFR 164.512(b)(1)(I)
Speaking Points

•On April 14th, 2003, the HIPAA Privacy Rule was implemented. The Maine Department of Human Services, Bureau of Health, Division of Disease Control (DDC) is clarifying the exemptions provided for public health functions under HIPAA restrictions on disclosure of Protected Heath Information (PHI). It is important to emphasize the DDC’s classic public health functions that are not inhibited by the HIPAA Privacy Rule: those of reportable disease surveillance and preventive follow-up; outbreak investigations; preventive outreach education and appropriate preventive follow-up services for contacts of communicable diseases.

•As stated in 45 CFR 164.512 (b)(1)(i), “The [HIPAA] Privacy Rule permits covered entities to disclose protected health information, without authorization, to public health authorities who are legally authorized to receive such reports for the purpose of preventing or controlling disease, injury, or disability. This would include, for example, the reporting of a disease or injury; reporting vital events, such as births and deaths; and conducting public health surveillance, investigations, or interventions.”