Become a Member

PRISM
A Privacy Toolkit for
Public Health Professionals

Government Entity Acting As A Public Health Healthcare Provider

Introduction

Public health programs, particularly at the county level, often provide direct services in a variety of areas. Some common services performed by public health include immunizations, prevention services such as screenings, assessments, and testing, HIV, STD, and TB treatment, and primary care services for infants and children and other vulnerable populations not covered by Medicaid.

Other public providers of health services that may find themselves directly or indirectly impacted by the HIPAA privacy provisions include social service programs such as aging, vocational rehabilitation, disability, home care, mental health, substance abuse, crisis and/or emergency services, and school health. While these tables are targeted more specifically to public health programs, the public programs listed above may also find the PRISM tool useful for general privacy guidance.

The provider function is directly impacted by HIPAA, but the privacy provisions should not substantively affect most uses and disclosures for that function. However, some public health services not previously considered health services now fall under the HIPAA definition of health care, which is quite broad:

Care, services, or supplies related to the health of an individual and includes, but is not limited to, the following:
(1) Preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual or that affects the structure or function of the body; and
(2) Sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription.

Therefore, some existing programs not previously considered service providers may now have to comply with privacy requirements for that function.

PRISM Privacy Tables

Select the type of data disclosure in which you are interested. Use the “back” button to return to the previous menu. Click here to download the entire set of tables. Please note that this PDF is (507 KB/104pages) and may take several minutes to download.

TABLE 1: WHO CONTROLS INFORMATION ABOUT INDIVIDUALS

TABLE 2: DISCLOSURES FOR TREATMENT, PAYMENT AND HEALTH CARE OPERATIONS

TABLE 3: DISCLOSURES TO PERSONS INVOLVED IN INDIVIDUAL’S CARE; FOR NOTIFICATION PURPOSES (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)

TABLE 4: DISCLOSURES REQUIRED BY LAW; FOR PUBLIC HEALTH ACTIVITIES; FOR HEALTH OVERSIGHT; FDA REGULATED PRODUCTS (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)

TABLE 5: DISCLOSURES TO AVERT SERIOUS THREAT TO HEALTH AND SAFETY; FOR ORGAN DONATIONS; TO WHISTLE-BLOWERS AND WORKFORCE MEMBER CRIME VICTIMS (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)

TABLE 6: DISCLOSURES FOR JUDICIAL AND ADMINISTRATIVE PROCEEDINGS; LAW ENFORCEMENT PURPOSES; CORRECTIONAL AGENCIES; BOARDS OF PRACTICE (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)

TABLE 7: DISCLOSURES FOR SPECIALIZED GOVERNMENT FUNCTIONS; WORKERS’ COMPENSATION; BUSINESS ASSOCIATES (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)

TABLE 8: DISCLOSURES FOR RESEARCH; TO HHS; FOR MARKETING; FUNDRAISING (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)

TABLE 9: DISCLOSURES TO SCHOOLS; TO CORONERS AND MEDICAL EXAMINERS; TO LAW ENFORCEMENT ABOUT CRIME VICTIMS; PUBLIC BENEFITS PROGRAM (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)

TABLE 10: DISCLOSURES TO GOVERNMENT DEPARTMENTS AND AGENCIES PERFORMING BUSINESS ASSOCIATION FUNCTIONS; COUNTY AND STATE FINANCE AND ACCOUNTING; CENTRAL IT; COUNTY AND STATE ATTORNEYS; ARCHIVES (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)