Public health officials, attorneys, policy-makers and advocates have reached out to the Network with requests for legal assistance. Below are some of these requests and the responses given by Network attorneys. To protect privacy, names are not included in the examples. In addition, the Network will not share an example if a requestor asks for his or her request to be withheld.
If you have a question, submit it here.
Mobile devices are frequently used to access, share, or communicate information about an individual’s or a patient’s health records or status. Any mobile device that receives, transmits or stores protected health information (PHI) must comply with the Health Insurance Portability and Accountability Act (HIPAA). A staff person from a local health department recently contacted the Network about whether other public health agencies have stand-alone HIPAA policies that specifically address mobile device usage.
A physician who participates on an asthma workgroup recently contacted the Network about potential legal issues related to keeping and distributing lists of students with health concerns in a school setting. Specifically, the requestor wanted to know the considerations involved in having schools create lists of students who suffer from asthma to distribute to teachers, coaches, bus drivers and other staff. This list would help staff be prepared to respond in case of an asthma attack.
The Network received a request from a health researcher working on anonymizing health data to comply with the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA). The researcher asked the Network if failing to de-identify the health care provider could be seen as a violation of privacy under HIPAA.
The Network was contacted by an Indiana health care facility that provides services to pregnant women and girls. The facility has an ultrasound machine and wanted to know whether Indiana law prohibits providers from performing an ultrasound procedure on a minor without parental knowledge or consent.
The Network recently received an inquiry about how privacy and insurance laws treat information derived from genetic testing.
The Network was recently asked whether a school district can specifically request that parents provide details regarding their child’s absence for illness under the Family Educational Rights and Privacy Act (FERPA), and if so, what logistics would be implied in legally collecting and protecting that information.
The Network was recently contacted by a requestor who asked for a general overview of statutory authority for the use of syndromic surveillance across jurisdictions.
The Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) seeks to balance the need of public health agencies to access health data with the desire of patients for health care privacy. The Network was recently asked whether local health departments can request and obtain hospital medical records for investigating a cancer or environmental disease cluster.