The US Constitution does not impart a broad right to the privacy of individual health information. 7 At the federal level, statutes place boundaries around the collection, use, and disclosure of certain types of health-related information. These statutes include the Freedom of
Information Act,8 the Privacy Act of 1974,9 the Department of Health and Human Services (HHS) Human Subject Protection Regulations, 10 the E-Government Act of 2002, 11 the Family Educational Rights and Privacy Act,12 the Federal Drug and Alcohol Confidentiality provisions,
13 and the Genetic Information Nondiscrimination Act. 14 These statutes restrict the use of
information for different purposes. For example, the HHS Human Subjects Protection Regulations focus on protecting information in the research context. However, the most frequently cited law in discussions of the privacy of public health information is the Health Insurance Portability and Accountability Act (HIPAA) and its associated regulations. The HIPAA Privacy Rule protects most health records from disclosure but permits health care providers to make disclosures
to public health officials and for certain other purposes. 15 The rule does not protect information possessed by public health officials from disclosure, except in limited circumstances. HIPAA also does not preempt state laws on the use or disclosure of data by public
health authorities.