1 1 (July 09, 2020)

handle is hein.crs/govdauo0001 and id is 1 raw text is: 

                   Resarh Set-wkc

COVID-19: Digital Contact Tracing and

Privacy Law

July 9, 2020
Many states, territories, and localities have implemented public health orders to limit the spread of
Coronavirus Disease 2019 (COVID-19) in their respective communities, including stay-at-home orders,
orders temporarily closing schools and businesses, and orders limiting the size of public gatherings. In
preparation for the eventual relaxation and lifting of these orders, the Centers for Disease Control and
Prevention (CDC) have advocated that public health authorities use robust contact tracing procedures to
prevent the reoccurrence of widespread infections after communities reopen. While federal entities may
advise on these procedures, state and local authorities are responsible for contact tracing operations, as
provided by state law.
The term contact tracing generally refers to identifying and monitoring people who have been in
contact with someone diagnosed with an infectious disease, in order to locate other potentially infected
individuals quickly and take targeted control measures (such as quarantines) to prevent the broader spread
of the illness. Contact tracing is standard procedure in public health investigations, and historically
involves officials interviewing and contacting infected and potentially-exposed persons. However, some
of the contact tracing proposals aimed at controlling the spread of COVID- 19 suggest supplementing
traditional contact tracing procedures with technology to collect data electronically. These proposals raise
questions about how federal laws governing health information privacy may apply to electronic or digital
contact tracing. One such provision is the HIPAA Privacy Rule, which refers collectively to regulations
promulgated by the Department of Health and Human Services (HHS) under the Health Insurance
Portability and Accountability Act (HIPAA). This Sidebar discusses the HIPAAPrivacy Rule's
application to digital contact tracing and briefly discusses other federal laws that regulate data privacy.

HIPAA Privacy Rule Overview

The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) by
covered entities and their business associates. Covered entities include health plans, health care
clearinghouses, and health care providers who transmit electronic health information in connection with
a flIPAA-covered trans action (such as billing). A health plan is an individual or group plan that provides,
or pays the cost of, medical care. This inc ludes health insurancec ompanies, health maintenance
organizations (HMOs), and government programs, such as Medicaid and Medicare, that pay for
                                                                 Congressional Re search Service

CRS Lega i&sebar
Prepa red.r M- :embersand
C o m m ; .. e e s o f Cen go  loC o   ---------------.. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------..........

What Is HeinOnline?

HeinOnline is a subscription-based resource containing nearly 2,700 academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.

Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline with pricing starting as low as $29.95

Access to this content requires a subscription. Please visit the following page to request a quote or trial:

Already a HeinOnline Subscriber?