What to know
- The National Center for Health Statistics (NCHS) takes protecting patient privacy and health center confidentiality very seriously.
- Specific legal protections safeguard private and confidential information collected by the National Ambulatory Medical Care Survey.
- The Health Information Portability and Accountability Act allows NAMCS to collect these data.
Privacy protections
The National Center for Health Statistics (NCHS) takes participant privacy very seriously. We do not release the names of providers or health centers that participate in the National Ambulatory Medical Care Survey (NAMCS) to anyone. This protects the privacy of your health center and healthcare providers, as well as the privacy of the patients and communities you serve.
Only NCHS employees working directly on this project, our specially designated agents (including contractors managing the survey), and our full research partners can see information collected in the survey that could be used to identify facilities, providers, or patients.
Anyone else can use your data only after all information that could identify your health center, providers, and patients has been removed. All information that relates to or describes identifiable characteristics of facilities and their patients is combined with other health centers' information before it is released. This protects everyone's identity.
Legal protections
NCHS staff, contractors, agents, and full research partners will not disclose or release responses in identifiable form without the consent of the individual or establishment in accordance with—
- Section 308(d) of the Public Health Service Act (42 U.S.C. 242m(d)), and
- The Confidential Information Protection and Statistical Efficiency Act of 2018 or CIPSEA (44 U.S.C. 3561-3583).
In accordance with CIPSEA, every NCHS employee, contractor, and agent has taken an oath and is subject to a jail term of up to five years, a fine of up to $250,000, or both if they willfully disclose ANY identifiable information about you.
NCHS also complies with the Privacy Act of 1974 (5 U.S.C. § 552a) and the Federal Cybersecurity Enhancement Act of 2015 (6 U.S.C. §§ 151 and 151 note). The Privacy Act established a code of "fair information practices" to protect against unwarranted invasions of privacy. The Federal Cybersecurity Enhancement Act protects federal information systems from cybersecurity risks by screening their networks.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 allows healthcare providers to participate in studies like NAMCS for public health purposes.
The HIPAA Privacy Rule [HIPAA regulations (45 CFR 164.501)] recognizes—
- The legitimate need for public health authorities and others responsible for ensuring the public's health and safety to have access to protected health information to conduct their missions, and
- The importance of public health reporting by covered entities in identifying threats to the public and individuals.
The Privacy Rule permits—
- Protected health information disclosures without a written patient authorization for specified public health purposes to public health authorities legally authorized to collect and receive the information for such purposes, and
- Disclosures that are required by state and local public health or other laws.