Become a Member

A Privacy Toolkit for
Public Health Professionals

Understanding and Using PRISM

Three sets of privacy tables underlie PRISM: one for entities acting as a public health authority, one for entities acting as a government health care provider, and one for entities acting as a government health payer.
The tables are organized by the following key factors:

  • What type of entity (by function) is disclosing the health information
  • What health information is being disclosed
  • Why the health information is being disclosed

Types of health information disclosed may include general individually identifiable health information, health information on minors, medical records; specific types of health information such as that regarding mental health, chemical dependency, STDs or AIDS; or specific types of public health information, such as vital statistics, immunization registries, or disease registries. Purposes for health data disclosure include payment, healthcare operations, research, and law enforcement.

Each cell within a table contains specific information on a particular type of information being used or disclosed and the purpose for use or disclosure. Each cell contains:

  • The relevant HIPAA citation
  • Reference to other applicable federal laws as relevant
  • The general conditions and requirements for the use or disclosure under federal laws
  • Whether an authorization is required, or whether other certain conditions must exist to use or disclose
  • Whether minimum necessary and/or accounting for disclosures requirements apply
  • Identification and a general discussion of any common state law requirements and issues
  • Any other applicable requirements as appropriate

The tool is meant to provide helpful guidance for understanding and applying the range of privacy requirements in all the various functions.

Instructions for using PRISM

To use the PRISM tool, follow the instructions below. The tables can be downloaded separately or the user can access specific information by clicking first on a specific table and then clicking on the folder icon in the box that corresponds to the use/disclosure of interest. The box will open a view of the contents for that specific information/purpose.

Step 1: Select whether you are a government entity acting as a public health agency or authority, a public health healthcare provider, or a healthcare payer. Recognizing that any program may have more than one role, users will be directed to a table containing types of information and purposes of disclosure specific to the role and reason for the data disclosure they have identified.

Step 2: Select the type of use/disclosure in which you are interested (e.g., for treatment, research, workers’ compensation, legal proceedings). Use the “back” button to return to the previous menu.

Step 3: To see information specific to a type of data and a purpose for disclosure, click on the blue folder icon in the cell to open a PDF with more detailed information (the PDF will open in another screen). Use the “control-F” feature to search for specific phrases or information. Use the “back” button to return to the previous menu.

Step 4: Click on any hyperlink in the PDF to see additional relevant information and definitions.

PRISM Privacy Tables

Select the type of data disclosure in which you are interested. Use the “back” button to return to the previous menu.



Government Entity Acting As - HEALTHCARE PAYER


We are very interested in comments or ideas you have on this tool. To offer feedback or suggestions regarding PRISM, please complete the feedback form.

Disclaimer and Credits

The contents of this Tool and associated documents are intended for educational purposes only and do not constitute legal advice. Though PHDSC believes reasonable efforts have been made to ensure the accuracy of the information contained in this Tool, it may include inaccuracies or typographical errors and may be changed or updated without notice. The Tool was developed by Walter G. Suarez, MD, MPH, Institute for HIPAA/HIT Education and Research and Vicki Hohner, MBA, Fox Systems, Inc, in association with the Lewin Group under contract with the National Center for Health Statistics. Legal review was provided by Joy Pritts, JD.

Copyright (c) 2007 by the Public Health Data Standards Consortium. No claim to original Federal or State Government Works. Any use of this Document by any person is expressly subject to the user's acceptance of the terms of this Disclaimer. Reproduction and use, in part or as a whole, of Documents contained in this Tool is permitted with appropriate attribution of ownership and authorship.