Public Health Authority (PHA) Status
CIBMTR meets the U.S. Department of Health & Human Services HIPAA Privacy Rule’s definition of a public health authority (PHA) and is authorized by law to collect the information necessary to fulfill the legislated mandate to collect data needed to assess outcomes of hematopoietic cell therapy. It is therefore not a “covered entity” under HIPAA. Additionally, transplant centers that fit the definition of covered entities may disclose certain individually identifiable health information to CIBMTR under 45 CFR 164.512 (HIPAA Privacy Rule). This allows for the disclosure of an individual’s protected health information without the individual’s written consent or authorization when such a disclosure is made to a PHA that is authorized by law to collect information for the purpose of preventing or controlling disease, injury, or disability.
(See: The National Institutes of Health’s Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule. Click here)