Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Navigating the restrictions built into federal legislation requires an understanding of the letter and spirit of pertinent laws and security provisions, including the nuances around exclusions that might enable you and your early childhood community partners to share data legally and effectively. Resources to better familiarize yourself with HIPAA and how to share HIPAA-regulated data (health and related data) within federal requirements are provided here.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is federal legislation that provides data privacy and security provisions for safeguarding medical information. According to 45 C.F.R. §164.512, a HIPAA covered entity, “may use or disclose protected health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.” In Virginia, such a law exists – Chapter 467 of the Virginia Acts of Assembly (an Act introduced as House Bill 2457 and approved by the General Assembly on March 13, 2017, to amend and reenact § 2.2-212 of the Code of Virginia) requires that, “as requested by the Secretary of Health and Human Resources and to the extent authorized by federal law, the agencies of the Secretariat of Health and Human Resources shall share data, records, and information about applicants for and recipients of services from the agencies of the Secretariat, including individually identifiable health information for the purposes of (i) streamlining administrative processes and reducing administrative burdens on the agencies, (ii) reducing paperwork and administrative burdens on the applicants and recipients, and (iii) improving access to and quality of services provided by the agencies.”