You Be The Security Expert:
Should We Ask Patient Before Disclosing 'Reportable Disease'?
Published on Tue Aug 28, 2007
Read the question below and decide how you would handle it before you compare it to our expert's advice.
Question: A patient comes in with a disease that represents a public health threat, i.e. a "reportable disease." Is a health care provider or other covered entity required to obtain permission from the patient before notifying public health officials about the case?
Answer:
No. The HIPAA Privacy Rule permits disclosures that are required by other law, and all states have regulations requiring covered entities to report occurrences of certain health care threats/diseases to public health authorities, according to the Department of Health and Human Services (HHS).
The Privacy Rule also allows covered entities to disclose health information to public health authorities that are authorized by law to collect information for "public health purposes." This access is crucial to public health authorities' ability to protect the public, says HHS. The kinds of information that covered entities may disclose to such authorities include:
- Occurrences of disease or injury
- Deaths and births
- Health concerns related to food, vitamins and/or other dietary supplements, drugs, biological products, and medical devices or products
In addition to having the right to gather such information, public health authorities are allowed to take certain actions to monitor and/or fight a public health threat.
For example:
Public health authorities may need to contact patients who were diagnosed with a dangerous communicable disease to find out where they contracted it so as to prevent further outbreaks.