|  | Public Health Safety | Public Health

HIPAA Disclosure Requirements

The Health Insurance Portability and Accountability Act (HIPAA) is meant to ensure that people's private health information is protected. HIPAA is overseen by the United States Office of Civil Rights. Disclosure requirements do allow patients to waive rights and share information with caregivers and families, but the act also sets down several privacy rules to protect that same information if it does not interfere with public health. Doctors may also release information to specialists treating the patient and insurance companies for billing purposes.

  1. Disclosure to Protect Public Health

    • Personal health information that would be a threat to public health if not released is not restricted like other health information. Disclosure is also allowed if the health condition is related to a virus or other contagious disease requiring quarantine. The records are shared if the patient is suspected to be a victim of bioterrorism, according to federal government requirements.

      Employers must disclose a patient's health information if the patient was injured on the job, according to the Occupational Safety and Health Act (OSHA). Health information can also be released to aid a criminal investigation, if the information could help in determining cause of death or in locating victims, suspects or witnesses, or if abuse or neglect is suspected.

    Disclosure by Authorization

    • HIPAA privacy rules require an authorization for disclosure of information that is not mandatory. Private health information may not be disclosed or used merely by consent, as in the case of treatment, payment, or health care, unless it satisfies authorization rules.

      Authorization includes details such as what information is to be released and what the information is going to be used for. It also tells who the information is to be released to and gives an expiration date for its release.

    Safeguards to Protect Information

    • One medical provider may fax protected health information to another provider as long as there are reasonable safeguards in place to protect the information. Ways that private information may reasonably be protected include administrative means such as confirming the fax number the information is being sent to is the correct one. This should be done prior to sending the information. Information is also more protected when both the sender and receiver of the information use a fax machine that is in a secure location.

Public Health - Related Articles