Introduction
Public health programs at both the state and
county level often pay for health services in a variety of
areas. Programs at the State level are almost exclusively
payers; county level programs are moving more and more into the
payer category as they increasingly contract with external
entities to provide direct services. Some common services paid
for by public health include HIV, STD, and TB drugs and
treatment and primary care services for infants and children and
other vulnerable populations not covered by Medicaid. These
payer programs may meet the HIPAA definition of a health plan,
which is simply defined as an individual or group plan that pays
or provides the cost of medical care. However, public payers do
not operate like commercial health plans, so determining whether
and how to apply the privacy provisions can be challenging.
Other public payers of health services that may find themselves
directly or indirectly impacted by HIPAA privacy provisions
include social service programs such as aging, vocational
rehabilitation, disability, home care, mental health, substance
abuse, crisis and/or emergency services, and school health.
While these tables are targeted more specifically to public
health programs, the public programs listed above may also find
the PRISM tool useful for general privacy guidance.
The payer function is directly impacted by HIPAA, but the
privacy provisions should not substantively affect most uses and
disclosures for that function. In general, the ability to use
and disclose information for payer purposes is very similar to
that of providers.
However, public health departments and programs seldom perform
only payer functions; instead, payer functions are often
performed along with provider, public health authority, and/or
health oversight functions. Payer programs are also likely to be
part of a larger entity that must comply with the HIPAA
provisions. If payer functions are combined with provider
functions, it is generally prudent to apply the provider privacy
requirements, which are more extensive, to both the provider and
payer activities.
Select the type of data disclosure in which you are interested.
Use the “back” button to return to the previous menu. Click here to download the entire set
of tables. Please note that this PDF is (516 KB/105 pages) and may take
several minutes to download.
TABLE 1: WHO CONTROLS INFORMATION ABOUT
INDIVIDUALS
TABLE 2: DISCLOSURES FOR TREATMENT, PAYMENT AND HEALTH CARE
OPERATIONS
TABLE 3: DISCLOSURES TO PERSONS INVOLVED IN INDIVIDUAL’S CARE;
FOR NOTIFICATION PURPOSES
(NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)
TABLE 4: DISCLOSURES REQUIRED BY LAW; FOR PUBLIC HEALTH
ACTIVITIES; FOR HEALTH OVERSIGHT; FDA
REGULATED PRODUCTS (NON-TPO DISCLOSURES ALLOWED WITHOUT
AUTHORIZATION)
TABLE 5: DISCLOSURES TO AVERT SERIOUS THREAT TO HEALTH AND
SAFETY; FOR ORGAN DONATIONS; TO WHISTLE-BLOWERS AND WORKFORCE MEMBER CRIME VICTIMS (NON-TPO DISCLOSURES
ALLOWED WITHOUT AUTHORIZATION)
TABLE 6: DISCLOSURES FOR JUDICIAL AND ADMINISTRATIVE
PROCEEDINGS; LAW ENFORCEMENT PURPOSES;
CORRECTIONS AGENCY; BOARDS OF PRACTICE (NON-TPO DISCLOSURES
ALLOWED WITHOUT AUTHORIZATION)
TABLE 7: DISCLOSURES FOR SPECIALIZED GOVERNMENT FUNCTIONS;
WORKERS’ COMPENSATION; BUSINESS
ASSOCIATES (NON-TPO DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)
TABLE 8: DISCLOSURES FOR RESEARCH; TO HHS; FOR MARKETING;
FUNDRAISING (NON-TPO DISCLOSURES ALLOWED
WITHOUT AUTHORIZATION)
TABLE 9: DISCLOSURES TO SCHOOLS; TO CORONERS AND MEDICAL
EXAMINERS; TO LAW ENFORCEMENT ABOUT CRIME
VICTIMS; PUBLIC BENEFITS PROGRAMS (NON-TPO DISCLOSURES ALLOWED
WITHOUT AUTHORIZATION)
TABLE 10: DISCLOSURES TO GOVERNMENT DEPARTMENTS AND AGENCIES
PERFORMING BUSINESS ASSOCIATE FUNCTIONS;
COUNTY AND STATE FINANCE AND ACCOUNTING; CENTRAL IT; COUNTY AND
STATE ATTORNEYS; ARCHIVES (NON-TPO
DISCLOSURES ALLOWED WITHOUT AUTHORIZATION)
|
