Question

1. How public health agencies have different responsibilities in dealing with protected health information (PHI)?

2. Where they must follow HIPPA rules and get permission to release PHI, and where they can use it without permission and why?

Answer 1

Answer 1: Public health agencies have different responsibilities in dealing with protected health information (PHI) can be explained by the following means-

• This public health information (PHI) is critical to the public health activities in state and local governments which includes disease surveillance and disease investigation.
• Important federal laws and rights affect how to gather and disseminate information. The Health Insurance Portability and Accountability Act (HIPAA) as the US Department of Health and Human Services (DHHS) created the national privacy standards for health information as privacy rule.
• The DHHS created a security standard created to protect health information in electronic form, the security rule was strengthened by the passage of the Health Information Technology for Economic and Clinical Health (HITECH) as in addition to federal laws with state privacy and security standards.
• Here the HIPAA protects the information as protected health information that includes the individually identifiable information related to past, present & future mental and physical health conditions.
• HIPAA protects the information that is the provision of health care as per law and protecting the utmost security standards.
• Here HIPAA protects the payment of health care that identifies the individual or reasonably could be used to identify the individual. The HIPAA note that privacy rule applies to all forms of PHI whether electronic, written or oral.
• Certain records HIPAA excludes as certain education records, employment records, and records regarding a person who has been deceased for over 50 years and more. The privacy requirements do not apply to de-identified health information that cannot be trackback to certain individuals.

Answer 2: Where they must follow HIPAA rules to get permission to release PHI, where they can use it without permission can be explained below:

Sometimes covered entities can only share PHI with the written authorization of the individual but there are several instances when covered entities can disclose the PHI without authorization as-

1) The primary situations can be the broad categories of -

• Medical treatment.
• Payment.
• Health care operations.

2)The additional instances can covered entities can disclose the PHI related to-

• Public health abuse,
• Neglect or domestic violence.
• Judicial and administrative proceedings.
• Law enforcement and research.

3) Public health exception is a broad provision that allows the public health authorities in situations like-

• Public Health authorities are federal, state, tribal or local agencies responsible for public health under official records.
• Information of the patient for the purpose of preventing or controlling disease, disability or injury can be used as this includes public health investigation & public health interventions.