Public Health Uses and Disclosures
- Does the HIPAA Privacy Rule's public health provision permit covered health care providers to disclose protected health information concerning the findings of pre-employment physicals, drug tests, or fitness-for-duty examinations to an individuals employer?
- Does the HIPAA Privacy Rule's public health provision permit covered entities to disclose protected health information without authorization to a manufacturer of a product regulated by the Food and Drug Administration (FDA) for use by the manufacturer to assess the effectiveness of its marketing campaign?
- May covered entities disclose facially identifiable protected health information, such as name, address, and social security number, for public health purposes?
- Does the HIPAA Privacy Rule permit covered entities to disclose protected health information, without individuals' authorization, to public officials responding to a bioterrorism threat or other public health emergency?
- Does the public health provision of the HIPAA Privacy Rule require covered entities to make public health disclosures?
- When may a covered health care provider disclose protected health information, without an authorization or business associate agreement, to a medical device company representative?
- Must a health care provider or other covered entity obtain permission from a patient prior to notifying public health authorities of the occurrence of a reportable disease?
- To provide individuals with an accounting for disclosures, does a covered entity have to document each medical record that may be accessed by a public health authority in the course of surveillance activities that involve all patient records?
- To whom may covered entities make public health disclosures regarding a product regulated by the Food and Drug Administration (FDA) when more than one person is identified on the product label?
- Does the HIPAA Privacy Rule's public health provision permit covered entities to disclose protected health information to authorities such as the National Institutes of Health (NIH)?
- Is a covered entity permitted to disclose protected health information under the HIPAA Privacy Rule's public health provision when the link between an averse event and a product regulated by the Food and Drug Administration (FDA) is only suspected?
- Must a covered entity provide an accounting for disclosures if the only information disclosed to a public health authority is in the form of a limited data set?
- May a covered entity hire a business associate to create a limited data set, and may the public health authority be a business associate for that purpose, even if the public health authority is also the intended recipient of the limited data set?