• Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

Radiation-Emitting Products

  • Print
  • Share
  • E-mail

HIPAA and Release of Information for MQSA Purposes

Implementation of the Health Insurance Portability and Accountability Act (HIPAA) has raised a number of issues with respect to mammography facilities that operate under the Mammography Quality Standards Act (MQSA). Two issues are arising with increasing frequency. The first concerns the protection of patient information during MQSA inspections. The second deals with whether other medical entities (e.g., referring physicians, pathology departments, surgeons) can release patient biopsy information to mammography facilities for purposes of the MQSA medical outcomes audit without obtaining patient authorization. The HIPAA regulations address these matters as follows:

Regarding the first issue, sections 164.512(b) and (d) of the HIPAA regulations allow a mammography facility to release patient information to an MQSA inspector without patient authorization because MQSA inspectors are performing health oversight activities required by law.

As to the second issue, section 164.512(b) of the HIPAA regulations allows a covered entity (e.g., referring physician, pathology department, surgeon) to release patient biopsy information to a mammography facility for purposes of the MQSA medical outcomes audit without patient authorization because the disclosure : (1) is to "a person subject to FDA jurisdiction;" (2) concerns an FDA-regulated product or activity for which the mammography facility has responsibility; and (3) relates to the quality, safety or effectiveness of the product or activity.

If you have a specific question about the regulations, please go directly to the Policy Guidance Help System. This is an information resource that looks like a Windows help system.