Special provisions within HIPAA (PL 104-191) permit hospitals to provide data to public health entities such as CPSC for public health research purposes.
The HIPAA Privacy Rule (45 CFR Part 160 and Part 164 subparts A and E) recognizes (i) the legitimate need for public health authorities and others who are responsible for ensuring the public’s health and safety to have access to protected health information to conduct their missions, and (ii) the importance of public health reporting by covered entities in identifying threats to the public and individuals.
The Privacy Rule permits (i) protected health information disclosures without written patient authorization for specified public health purposes to be provided to public health authorities who are legally authorized to collect and receive the information for such purposes; and (ii) disclosures that are required by state and local public health or other laws [HIPAA regulations (45 CFR 164.501)]. Thus, HIPAA permits hospitals to participate in studies of this nature for public health purposes.
If you have additional questions about HIPAA privacy rules and NEISS, please contact the NEISS team.