Key points
- The National Center for Health Statistics (NCHS) takes protecting patient privacy and provider confidentiality very seriously.
- Specific legal protections safeguard private and confidential information collected by the National Health Care Surveys.
- The Health Information Portability and Accountability Act (HIPAA) allows NCHS to collect patient data for public health purposes.
Overview
The privacy and confidentiality protections described on this page cover participants in all the National Health Care Surveys and their components, including—
- National Ambulatory Medical Care Survey: Health Center Component
- National Ambulatory Medical Care Survey: Provider Survey Component
- National Electronic Health Records Survey
- National Hospital Care Survey
- National Post-acute and Long-term Care Study: Adult Day Services Center Survey
- National Post-acute and Long-term Care Study: Residential Care Community Survey
Privacy protections
The National Center for Health Statistics takes participant and patient privacy very seriously. We do not release the names of participating healthcare providers, facilities, or their patients to anyone. This protects the privacy of participating providers and facilities, and the privacy of the patients and communities they serve.
Only our employees working directly on the National Health Care Surveys, our specially designated agents (including contractors managing the survey), and our full research partners can see information collected in these surveys that could be used to identify healthcare providers, facilities, or patients.
Anyone else can only use our data after all information that could identify providers, facilities, and patients has been removed. For each of our surveys, all information that relates to or potentially describes identifiable characteristics is combined with similar information from other participants before it is released. This protects everyone's identity.
Legal protections
National Center for Health Statistics staff, contractors, agents, and full research partners will not disclose or release responses in identifiable form without the consent of the individual or establishment in accordance with—
- Section 308(d) of the Public Health Service Act (42 U.S.C. 242m(d)), and
- The Confidential Information Protection and Statistical Efficiency Act (CIPSEA) (44 U.S.C. 3561-3583).
In accordance with CIPSEA, every National Center for Health Statistics employee, contractor, and agent has taken an oath and is subject to a jail term of up to five years, a fine of up to $250,000, or both if they willfully disclose ANY identifiable information about you.
The National Center for Health Statistics also complies with the Federal Cybersecurity Enhancement Act of 2015 (6 U.S.C. §§ 151 and 151 note), which protects federal information systems from cybersecurity risks by screening their networks.
HIPAA
Two of the National Health Care Surveys currently collect patient-level data from healthcare facilities—
- National Ambulatory Medical Care Survey Health Center Component
- National Hospital Care Survey
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 allows health centers and hospitals to participate in studies like these for public health purposes.
The HIPAA Privacy Rule [HIPAA regulations (45 CFR 164.501)] recognizes—
- The legitimate need for public health authorities and others responsible for ensuring the public's health and safety to have access to protected health information to conduct their missions, and
- The importance of public health reporting by covered entities in identifying threats to the public and individuals.
The Privacy Rule permits—
- Protected health information disclosures without a written patient authorization for specified public health purposes to public health authorities legally authorized to collect and receive the information for such purposes, and
- Disclosures that are required by state and local public health or other laws.