CUI Registry: Privacy-Health Information
SUBCATEGORY REPLACED BY CATEGORY HEALTH INFORMATINO APRIL 2018
Refers to personal information, or, in some cases, "personally identifiable information," as defined in OMB M-17-12, or "means of identification" as defined in 18 USC 1028(d)(7).
|Subcategory Description:||As per 42 USC 1320d(4), "health information" means any information, whether oral or recorded in any form or medium, that (A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.|
Notes for Safeguarding, Dissemination and Sanction Authorities:
- CUI Specified authorities include specific handling practices that differ from general CUI requirements. For Specified authorities, reference individual Safeguarding/Dissemination control citations for distinct requirements
- Whether CUI is Basic or Specified is determined by the applicable Safeguarding and/or Dissemination Authority for that CUI.
- Each "Safeguarding and/or Dissemination Authority" citation links to the statute, regulation or government-wide policy authorizing the control of that information as CUI.
- Each "Sanctions" authority links to the statute, regulation or government-wide policy that includes penalties for CUI misuse of CUI for the associated "Safeguarding and/or Dissemination Authority" on the same line.
|Safeguarding and/or Dissemination Authority||Basic or
|18 USC 3486(e)||Specified|
|18 USC 4247(e)||Basic|
|42 USC 242m(d)||Specified|
|38 USC 7332(a)||Basic||38 USC 5705|
|38 USC 5705||Basic||38 USC 5705|
|42 USC 12112(d)||Basic||42 USC 12188|
|42 USC 1320d-2(d)(2)||Specified||42 USC 1320d-5
42 USC 1320d-6(b)
|42 USC 1320d-2 note(b)(Public Law 104-191, Section 264)||Basic||42 USC 1320d-5
42 USC 1320d-6(b)
|42 USC 15044(c)||Basic|
|42 USC 290dd-2(a)||Basic||42 USC 290dd-2(f)|
|20 CFR 401.200(g)||Specified||20 CFR 401.200(h)|
|29 CFR 1630.14(b)(1)||Specified|
|42 CFR 2.1(a)||Basic||42 CFR 2.1(f)|
|42 CFR 2.12(a)||Basic||42 CFR 2.1(f)|
|42 CFR 2.13(c)||Basic||42 CFR 2.1(f)|
|42 CFR 2.16(a)||Specified||42 CFR 2.1(f)|
|42 CFR 2.2(a)||Basic||42 CFR 2.2(f)|
|42 CFR 2.21(b)||Basic||42 CFR 2.2(f)|
|45 CFR 164.306(a)||Basic|
|45 CFR 164.310(a)(1)||Basic|
|45 CFR 164.502(a)||Basic|
|45 CFR 164.508(a)||Basic|
|45 CFR 164.530(c)||Basic||45 CFR 164.530(e)|
Authority links are updated based on regular re-publication of the United States Code and Code of Federal Regulations, and the CUI Registry maintenance schedule.