• E-mail
• Print
• RSS

If we believe that a person has been exposed to a communicable disease, does the privacy rule prohibit us from notifying that person?

HIPAA Weekly Advisor, September 13, 2002

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q: If we believe that a person has been exposed to a communicable disease, does the privacy rule prohibit us from notifying that person?

A: The privacy rule permits a covered entity to disclose protected health information (PHI), without authorization, to a person who may have been exposed to a communicable disease or otherwise be at risk of contracting or spreading a disease or condition, if authorized by law as part of a public health intervention or investigation.

The privacy rule also allows covered entities to disclose PHI to a public health authority authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability.

The privacy rule defines a public health authority as an agency or authority of the U.S. or a state, territory, political subdivision of a state or territory, an Indian tribe, or a person or entity acting under a grant of authority from or contract with a public agency that is responsible for public health matters as part of its official mandate. This includes the employees or agents of a public agency or its contractors, persons, or entities to whom it has granted authority.

A disclosure of this type would need to be included in an accounting.

Editor's note: Brought to you by attorneys Marty Baxter and Gretchen McBeath at Bricker and Eckler, LLP (http://www.bricker.com) and The Quality Management Consulting Group, Ltd. (http://www.qmcg.com). E-mail: mbaxter@bricker.com or gmcbeath@bricker.com.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive