Privacy Tools Introduction Page

PHDSC Graphic Banner

ListServ Subscription

+ About the
Consortium

About the Consortium

Mission and Strategic Plan

Organizational Structure of PHDSC

Board of Directors

Ongoing Initiatives and Activities

Slide Presentation: About PHDSC

Benefits of Joining

Subscribe to PHDSC ListServ

+ Electronic Health
Records &
Certification

What is an Electronic Health Record

HL7 Electronic Health Record

Paper: Electronic Health Record - Public Health Perspectives

Office of the National Coordinator for Health Information Technology (ONCHIT) EHR Adoption

+ Nationwide Health
Information Network

Nationwide Health Information Network

PHDSC Letter on NHIN Request for Information

PHDSC Response to NHIN Request for Information

Summary of NHIN RFI Responses

Office of the National Coordinator for Health Information Technology (ONCHIT): NHIN Homepage

Article: The Costs of a National Health Information Network

+ Data Standards &
Standards
Harmonization

About Data Standards & Standards Harmonization

External Cause of Injury Codes Committee

Payer Typology Committee

Health Care Services Data Reporting Guide

Standards Development Efforts

+ Privacy & Security

About Privacy & Security

Privacy, Security & Data Sharing Committee

Privacy Case Studies

Links to Privacy and Security Websites

+ International

International Standards Efforts

Health Information Technology Standards Panel (HITSP) International Landscape Committee

Presentation: French Sentinel General Practitioner Network

+ Knowledge
Resources

About Knowledge Resources

Role of Public Health in HIT

Suggested Health Data Standards' Web Sites

+ PHDSC Committees

About the Committees

+ Data Standards

About Data Standards Committees

Healthcare Services and Data Reporting Guide Committee

Payer Typology Committee

External Cause of Injury Codes Committee

Privacy, Security & Data Sharing Committee

Nationwide Health Information Network Committee

Communication and Outreach Committee

Overview of Public Health and Data Standards

The Public Health Data Standards Consortium

Benefits of Standardization

Implementation Issues

Introduction | Key Definitions and Resources

A great deal of confusion still exists around the Health Insurance Portability and Accountability Act’s (HIPAA) privacy impact on public sector entities and its intersection with state and other federal laws. Public sector health care services are very heterogeneous and often perform multiple functions, which may cross program boundaries or be shared with other departments, agencies, and external partners. In many cases, public sector health program processes do not fit well with many of the regulatory provisions. While there is recognition in the HIPAA rules that public programs play different roles, the rules do not address the real life complexity of public sector solutions to providing access and services.

The Department of Health and Human Services (DHHS) Office of Civil Rights (OCR) produced a series of guidance documents for the Privacy Rule to aid compliance, but little has been released to date that directly addresses public sector concerns. In general, HIPAA privacy regulations recognize current business practices and preserve a government entity’s ability to use and disclose the information. Use or disclosure for most activities is permitted and can still continue, including for public health, public benefit programs, and oversight activities. However, the complexity of the rule and the imperfect fit of the rule requirements with public sector health activities have greatly hindered understanding, application, and compliance. This tool is to provide some direction for government entities in applying privacy regulations to their programs and functions and in complying with all state and federal privacy requirements.

The Privacy Tool is an electronic tool to provide state and local government health programs, and public health departments and programs in particular, with a convenient and useful way to understand the basic legal privacy requirements for identifiable health information use and disclosure. The tool identifies and defines the baseline conditions and requirements that a public health or other government health entity must follow when using and disclosing specific types of health information. The tool consists of a series of tables that outline different types and/or purposes of information use and disclosure and the general legal requirements relevant to each type of use or disclosure.

PRISM - An optical instrument to look at an object from different angles.
The Consortium's PRISM Privacy Tool helps look at the health information privacy issue from different public health perspectives.

The tool is organized according to the three common roles and functions of state and local public health and other government health entities that often require use or disclosure of health information: public health authority, health care provider, and as a payer of health services.

The PRISM tool describes the baseline privacy requirements for government health sector uses and disclosures using HIPAA (the Health Insurance Portability and Accountability Act) as a foundation and takes into consideration:

Other Federal laws impacting health privacy, namely 42 CFR pt. 2 (substance abuse program information privacy), and FERPA (privacy of educational records)

Common state privacy laws and related requirements and considerations such as:

Areas where state laws are commonly more restrictive than HIPAA, such as for HIV/AIDS, mental health, and certain reproductive health concerns

Minor’s rights, which are directed by state law

Areas where state laws may impose additional conditions relating to uses and disclosures, such as requiring consents for uses and disclosures related to treatment, payment, and health care operations

Any other relevant information, including notes and explanations on conditions or applications specific to government programs that may add clarity

Key Definitions & Resources

Click here to view key definitions and terms related to the disclosure of privacy information.

Click here to view additional resources related to the disclosure of privacy information.

PROCEED TO PRISM PRIVACY TOOL

The contents of this Tool and associated documents are intended for educational purposes only and do not constitute legal advice. Though PHDSC believes reasonable efforts have been made to ensure the accuracy of the information contained in this Tool, it may include inaccuracies or typographical errors and may be changed or updated without notice.

The Tool was developed by Walter G. Suarez, MD, MPH, Institute for HIPAA/HIT Education and Research and Vicki Hohner, MBA, Fox Systems, Inc, in association with the Lewin Group under contract with the National Center for Health Statistics. Legal review was provided by Joy Pritts, JD.

Copyright (c) 2007 by the Public Health Data Standards Consortium. No claim to original Federal or State Government Works. Any use of this Document by any person is expressly subject to the user's acceptance of the terms of this Disclaimer. Reproduction and use, in part or as a whole, of Documents contained in this Tool is permitted with appropriate attribution of ownership and authorship.

Click here to review the PHDSC's Legal and Privacy Statement

Copyright 2006 © Public Health Data Standards Consortium - All rights reserved