HIPAA Compliance
Providing patient data to the Registry does NOT violate the Health Insurance Portability and Accessibility Act (HIPAA).
The Alzheimer's Disease Registry ("Registry") meets the HIPAA exception as a "public health authority" activity. The establishment of the Alzheimer's Disease Registry is set forth in W. Va. Code § 16-5R-7 making reporting mandatory and the information collected "shall be analyzed to prepare reports and perform studies as necessary when such data identifies information useful in developing policy" and planning.
Pursuant to HIPAA, 45 C.F.R. § 164.512(b), no authorization is required to disclose Private Health Information to: a public health authority authorized by law to receive information to prevent or control disease, injury, or disability, including reporting of disease, injury, vital events such as birth and death, and conduct of public health surveillance, public health investigations, and public health interventions.
Because the Registry fits within the HIPAA exception, it is not required by law to provide all of the rights to individuals that HIPAA requires. Beyond HIPAA, given that the Registry is not consumer facing and that information disclosed to it comes from health care providers and facilities, the other listed HIPAA individual rights would not be appropriate.