[Federal Register Volume 71, Number 31 (Wednesday, February 15, 2006)]
[Notices]
[Page 8042]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 06-1424]



[[Page 8042]]

-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration


Public Health Authority Notification

AGENCY: Federal Aviation Administration (FAA), Department of 
Transportation (DOT).

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The FAA is publishing this notice to inform hospitals and 
other health care organizations of its status as a ``public health 
authority'' under the medical privacy requirements of the Health 
Insurance Portability and Accountability Act of 1996.

FOR FURTHER INFORMATION CONTACT: Charles DeJohn, CAMI, Aeromedical 
Research Division, Federal Aviation Administration, CAMI Building, AAM-
600, RM 112A, P.O. Box 25082, Oklahoma City, OK 73125. 405-
954-5519.

SUPPLEMENTARY INFORMATION: The Health Insurance Portability and 
Accountability Act of 1996 (HIPAA) was enacted to improve the 
portability and continuity of health insurance coverage in the group 
and individual markets, to combat waste, fraud, and abuse in health 
insurance and health care delivery, to promote the use of medical 
savings accounts, to improve access to long-term care services and 
coverage to simplify the administration of health insurance, and for 
other purposes (Pub. L. 104-191, 110 Stat. 196 (1996)). The 
administration simplification provisions (HIPAA, Title II) require the 
Department of Health and Human Services (HHS) to establish national 
medical privacy regulations to protect the privacy of individually 
identifiable electronic health information. These regulations (the 
``Privacy Rule'') were published by the HHS on December 28, 2000, and 
established the standards to identify the rights of individuals who are 
the subjects of ``protected health information,'' which is defined as 
individually-identifiable health information; provide procedures for 
the exercise of those rights; and define the general rules and 
disclosures of protected health information. (45 CFR 160-164).
    Beginning April 14, 2003, the Privacy Rule prohibits health plans, 
health care clearinghouses and selected health care providers from 
using or disclosing protected health information, except as permitted 
by certain exceptions (45 CFR 164.502). Under one exception, the 
Privacy Rule permits the disclosure of protected information to public 
health authorities legally authorized to ``collect or receive the 
information for the purpose of preventing or controlling disease, 
injury, or disability'' (45 CFR 164.512(b)(1)(i)) A ``public health 
authority'' includes ``an agency or authority of the United States * * 
* that is responsible for public health matters as part of its official 
mandate'' (45 CFR 164.501). Examples of public health matters include 
the reporting of disease, injury, or vital events; and public health 
surveillance, public health investigations or public health 
interventions (45 CFR 164.512(b)(1)(i)).
    Guidance issued by HHS titled ``Disclosures for Public Health 
Activities (45 CFR 164.512(b))'' on December 3, 2002, and revised on 
April 3, 2003, further addressed the issue of disclosure to public 
health authorities. The guidance states that:

    The HIPAA Privacy Rule recognizes the legitimate need for public 
health authorities and others responsible for ensuring public health 
and safety to have access to protected health information to carry 
out their public health mission. The Rule also recognizes that 
public health reports made by covered entities are an important 
means of identifying threats to the health and safety of the public 
at large, as well as individuals. Accordingly, the Rule permits 
covered entities to disclose protected health information without 
authorization for specified public health purposes. (See: http://www.hhs.gov/ocr/hipaa/publichealth.pdf.pdf).

    The FAA has statutory responsibility for promoting safe flight of 
civil aircraft in air commerce. The scope of this statutory 
responsibility includes the performance of medical research intended to 
protect the occupants of aircraft from risks and hazards that are 
attendant to flight (49 U.S.C. 44701, 44703, 44507). The Administrator 
has delegated to the Federal Air Surgeon the responsibility for this 
research, which is conducted at the Civil Aerospace Medical Institute 
(CAMI). The medical and crash injury research conducted at CAMI 
requires collection and analysis of relevant data which the FAA relies 
upon to establish safety standards for such issues as cabin materials, 
seat design and strength, and environmental control. These research 
functions are conducted in the interests of public health and the 
improvement of aviation safety for the traveling public. Public health 
authority status will allow CAMI to efficiently obtain medical 
information necessary to fulfill its statutory mission.
    In light of the statutory duties described above, the FAA has 
determined that it is a public health authority within the meaning of 
the Privacy Rule. As a public health authority, FAA is entitled to 
receive protected health information from hospitals and other health 
care organizations, without written consent or authorization because 
disclosures of protected health information to a public authority are 
permitted disclosures under the Privacy Rule (45 CFR 
164.502(a)(1)(vi)).

    Issued in Washington, DC on February 10, 2006.
Nicholas A. Sabatini,
Associate Administrator for Aviation Safety, AVS-1.
[FR Doc. 06-1424 Filed 2-14-06; 8:45 am]
BILLING CODE 4910-13-M