Bass, Berry & Sims attorney Nesrin Tift discussed what providers subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are permitted to share with health departments and other public health authorities regarding COVID-19 testing results.

“Since the COVID-related public health emergency was declared, for the most part, laws around privacy of health information have not really changed,” said Nesrin. However, Nesrin adds the law qualifies that “only the minimum necessary information should be shared,” she said.

The article addresses concerns about the decision by many states to release to police and/or fire departments the names and addresses of individuals who test positive for COVID-19. Under HIPAA, providers are permitted (and under some states’ laws are required) to report to state health departments and other public health agencies like the CDC the names and other information about individuals who have tested positive for a reportable virus. What state and local health departments then do with that information is not, unless the department is itself a covered entity, necessarily governed by HIPAA.

The full article, “Tennessee’s Decision to Release Public Health Data Leaves a Trade Off Too Great for Vulnerable Communities, Some Say,” was published May 13 by The Tennessean and is available online. The article was also published by affiliates the Knox News, Daily News Journal, Jackson Sun, and Leaf Chronicle.