Destination Fun
Essay by review • February 24, 2011 • Essay • 1,103 Words (5 Pages) • 944 Views
Appendix B
Sample Text That Can Be Used To Clarify Public Health Issues Under the Privacy Rule
Following are sample letters that can be used to help clarify Privacy Rule issues among covered entities and public health authorities (e.g., CDC, National Institutes of Health, Food and Drug Administration, Substance Abuse and Mental Health Services Administration, Health Resources and Services Administration, state and local health departments). Public health authorities can use these letters as templates by inserting names of the appropriate individuals, projects, agreements, laws, activity types, covered entities, public health authorities, and authorized agencies.
From a public health authority to a covered entity, clarifying rules regarding disclosure
To Whom it May Concern:
[Public health authority] is an agency of [parent authority] and is conducting the activity described here in its capacity as a public health authority as defined by the Health Insurance Portability and Accountability Act (HIPAA), Standards for Privacy of Individually Identifiable Health Information; Final Rule (Privacy Rule) [45 CFR Ð'§164.501]. Pursuant to 45 CFR Ð'§164.512(b) of the Privacy Rule, covered entities such as your organization may disclose, without individual authorization, protected health information to public health authorities " . . . authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including, but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions . . . "
[Public health authority] is conducting [project], a public health activity as described by 45 CFR Ð'§ 164.512(b), and is authorized by [law or regulation]. The information being requested represents the minimum necessary to carry out the public health purposes of this project pursuant to 45 CFR Ð'§164.514(d) of the Privacy Rule.
If you have questions or concerns please contact [project leader].
From a public health authority to an authorized agency, providing grant of authority
Dear [authorized agency]:
This letter serves as verification of a grant of authority from [public health authority] for you to conduct the public health activities described here, acting as a public health authority pursuant to the Standards for Privacy of Individually Identifiable Health Information promulgated under the Health Insurance Portability and Accountability Act (HIPAA) [45 CFR Parts 160 and 164)]. Under this rule, covered entities may disclose, without individual authorization, protected health information to public health authorities " . . . authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including, but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions . . . ." The definition of a public health authority includes " . . . an individual or entity acting under a grant of authority from or contract with such public agency . . . ."
[Authorized agency] is acting under [contract, grant, cooperative agreement] with [public health authority] to conduct [project], which is authorized by [law or regulation]. [Public health authority] grants this authority to [authorized agency] for purposes of this project. Further, [public health authority] considers this to be [activity type], for which disclosure of protected health information by covered entities is authorized by 45 CFR Ð'§ 164.512(b) of the Privacy Rule.
From a public health authority to a covered entity, confirming grant of authority to an authorized agency
To Whom It May Concern:
[Public health authority] is an agency of [parent authority] and is a public health authority as defined by the Health Insurance Portability and Accountability Act (HIPAA), Standards for Privacy of Individually Identifiable Health Information; Final Rule (Privacy Rule)[45 CFR Ð'§ 164.501]. Pursuant to 45 CFR Ð'§ 164.512(b) of the Privacy Rule, covered entities may disclose protected health information to public health authorities " . . . authorized by law to collect or receive
...
...