May a HIPAA Covered Entity or Its Business Associate Disclose Protected Health Information (PHI) for Purposes of Cybersecurity Information-Sharing of Cyber Threat Indicators?

U.S. Department of Health and Human Services. 09/07/2016.

This fact sheet addresses whether a Health Information Portability and Accountability Act (HIPAA) covered entity or its business associate may disclose protected health information (PHI) for purposes of cybersecurity information-sharing of cyber threat indicators. It explains that the answer is no, unless the disclosure is otherwise permitted under the HIPAA Privacy Rule, particularly given that cyber threat indicators do not generally include PHI. (Text)
Source: Disaster Lit: Resource Guide for Disaster Medicine and Public Health. Category: International Medicine & Public Health. Source Type: news.