Skip Navigation

Special Topics in Health Information Privacy

Public Health

Group of adults and children

Protecting public health, including through public health surveillance, program evaluation, terrorism preparedness, outbreak investigations, and other public health activities, often requires access to or the reporting of the protected health information of individuals.  This information is used to identify, monitor, and respond to disease, death, and disability among populations.

The Privacy Rule recognizes the legitimate need for public health authorities and certain others to have access to protected health information for public health purposes and the importance of public health reporting by covered entities to identify threats to the public and individuals.  Thus, the Privacy Rule permits covered entities to disclose protected health information without authorization for specified public health purposes.

Eye dropper and test tubes


Researchers in medical and health-related disciplines rely on access to many sources of health information, from medical records and epidemiological databases to disease registries, hospital discharge records, and government compilations of vital and health statistics.

The Privacy Rule recognizes that the research community has legitimate needs to use, access, and disclose individually identifiable health information to carry out a wide range of health research protocols and projects.  The Privacy Rule protects the privacy of such information when held by a covered entity but also provides ways in which researchers can access and use the information for research, subject to various conditions.

Emergency Preparedness

Phone with Call 911 message

Emergency preparedness and recovery planners may seek protected health information to ensure that in an emergency, individuals can receive the assistance or care they need.  In addition, during a severe disaster, those involved in disaster relief efforts may seek protected health information to provide persons displaced and in need of health care ready access to services, and the means of contacting family and caregivers. 

The Privacy Rule allows access to protected health information for emergency preparedness planning and response under a number of circumstances.

   Health care professionals using laptop

Health Information Technology

Health information technology (health IT) involves the exchange of health information in an electronic environment.  Widespread use of health IT will improve the quality of health care, prevent medical errors, reduce health care costs, increase administrative efficiencies, decrease paperwork, and expand access to affordable health care.  It is imperative that the privacy and security of health information be ensured as this information is maintained and transmitted electronically.

The Privacy Rule's established baseline of privacy protections and individual rights with respect to individually identifiable health information support the use of health IT and provide important protections in this area. The Security Rule supports the adoption of new health information technologies while setting standards to ensure appropriate protection of electronic protected health information.

Genetic Information

Test tubes
The Genetic Information Nondiscrimination Act (GINA) was signed into law on May 21, 2008.  GINA prohibits discrimination in health coverage and employment based on genetic information.

GINA requires modifications to the Privacy Rule to clarify that genetic information is a type of health information and to prohibit most health plans from using or disclosing genetic information for underwriting purposes.
Back to Top