May covered entities disclose facially identifiable protected health information, such as name, address, and social security number, for public health purposes?
Yes. The HIPAA Privacy Rule permits covered entities to disclose the amount and type of protected health information that is needed for public health purposes. In some cases, the disclosure will be required by other law, in which case, covered entities may make the required disclosure pursuant to 45 CFR 164.512(a) of the Rule. For disclosures that are not required by law, covered entities may disclose, without authorization, the information that is reasonably limited to that which is minimally necessary to accomplish the intended purpose of the disclosure. For routine or recurring public health disclosures, a covered entity may develop protocols as part of its minimum necessary policies and procedures to address the type and amount of information that may be disclosed for such purposes. Covered entities may also rely on the requesting public health authoritys determination of the minimally necessary information. See the fact sheet and frequently asked questions on this web site about t
Related Questions
- Can covered entities continue to disclose adverse event reports that contain protected health information to the Department of Health and Human Services (HHS) Office for Human Research Protections?
- May covered entities disclose facially identifiable protected health information, such as name, address, and social security number, for public health purposes?
- May covered entities disclose facially identifiable PHI, such as name, address, and social security number, for public health purposes?
