HIPAA is the federal Health Insurance Portability and Accountability Act of 1996 and one of its primary goals is to protect the confidentiality and security of healthcare information. Protecting patient information is paramount for health centers, but complying with HIPAA does not prevent them from successfully conducting voter outreach with patients.
What are the HIPAA issues when doing voter registration?
- Voter registration cards and information are not subject to HIPAA regulations. A center’s ability to capture or copy the data is a matter of local election law.
How does HIPAA affect the collection of advocacy or pledge to vote cards?
- Voter and civic engagement is a voluntary, opt-in activity. Patients voluntarily provide contact information for this purpose. It is ok for health centers to ask patients to fill out a pledge to vote or advocacy card and to track the data for follow up and program evaluation. It’s a good policy to restrict what staff members have access to the list.
How do we avoid violating the HIPAA privacy rule?
- HIPAA prohibits the use of patient databases for activity related to civic engagement programs. Do NOT use data from a patient’s record to fill out a voter registration form or for any other purpose. Only use information provided by the patient for this purpose or have them complete the card.
- Do not include anything in your voter engagement database that would conclusively identify the individual as a patient. This means you should: (1) Target civic engagement to a broader population and include others who are not patients, such as family members, staff, or community members, and (2) Share your data with others ONLY if your list is a broader civic engagement list including both non-patients and patients and the data you share does not contain your center’s name.