Corporate Compliance

HIPAA and FDA compliance

Compliance Monitor, June 24, 2005

Q: What activities are considered to be related to the quality, safety, or effectiveness of an FDA-regulated product or activity?

A: The HIPAA regulations permit a covered entity to disclose protected health information to a person subject to the jurisdiction of the Food and Drug Administration with respect to an FDA-regulated product or activity for which that person has responsibility, for the purpose of activities related to the quality, safety or effectiveness of such FDA-regulated product or activity.

The regulations list the following activities and note that this is not an exclusive list:

  • To collect or report adverse events (or similar activities with respect to food or dietary supplements), product defects or problems (including problems with the use or labeling of a product), or biological product deviations
  • To track FDA-regulated products
  • To enable product recalls, repairs, or replacement, or lookback (including locating and notifying individuals who have received products that have been recalled, withdrawn, or are the subject of lookback)
  • To conduct post marketing surveillance

For more information see Section 164.512(b), "Uses and Disclosures for Public Health Activities" on the Bricker Eckler Web site.

Editor's note: Attorneys from Bricker & Eckler LLP answered this question. This is not legal advice. Consult your attorney for legal matters.

Most Popular