Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Adoption of standard HL7 CUI codes ensures interoperability across HL7 Version 2, CDA, and FHIR content using syntax specific security labeling.

Per NARA, CUI Program allows you to use any font size and color, just as long as the banner marking is in the header of the document and is readily apparent to the user.  

Relevant CUI Health and Privacy Authorities for HIE

The following authorities are included in CUI Category: General Privacy and CUI Category: Health Information

Info TypeCategoryBasic / SpecifiedAuthorityContextFederal  Agencies to which this appliesSafeguarding / Dissemination
PIIPRVCYSpecifiedOMB M-17-12Preparing for and addressing PII breach All Federal health agencies/contractors & HIPAA BA/cooperative agreement partiesDissemination
PIIPRVCYBasicOMB A130Managing PIIAll Federal health agencies/contractors & HIPAA BASafeguarding
IIHIHLTHSpecified42 USC 1320d-5HIPAA Statute Security Safeguards for IIHIAll Federal health agencies/contractors which are Covered Entities or BA
IIHIHLTHSpecified42 CFR 2.16(a)Part 2 Security of Substance Use Disorder RecordsFederal health agencies to which Part 2 applies (not VA?)
IIHIHLTHBasic42 CFR 2.1(a)Part 2 - Disclosure authorizationFederal health agencies to which Part 2 applies (not VA)
IIHIHLTHBasic42 CFR 2.1(f)Part 2 Substance Use Disorder ConfidentialityFederal health agencies to which Part 2 applies (not VA)Safeguarding / Dissemination
IIHIHLTHBasic42 CFR 2.12(a)Part 2 - Restrictions on disclosure.Federal health agencies to which Part 2 applies (not VA)
IIHIHLTHBasic42 CFR 2.13(c)Part  2 - Confidentiality restrictions and safeguards. (c) Acknowledging the presence of patients: Responding to requests. Federal health agencies to which Part 2 applies (not VA)
IIHIHLTHBasic42 CFR 2.2(a)Part 2 - Purpose and effect.Federal health agencies to which Part 2 applies (not VA)Safeguarding / Dissemination
IIHIHLTHBasic42 CFR 2.21(b)Part 2 - Research Privilege Confidentiality Federal health agencies to which Part 2 applies (not VA)
IIHIHLTHBasic38 USC 7332(a)Veterans ConfidentialityFederal health agencies to which 7332 applies
PHIHLTHBasic45 CFR 164.508(a)HIPAA Privacy Rule Uses and Disclosures for which an authorization is required.All Federal health agencies/contractors which are Covered Entities or BA
PHIHLTHBasic45 CFR 164.530(e)HIPAA Safeguards under Privacy RuleAll Federal health agencies/contractors which are Covered Entities or BA
PHIHLTHBasic45 CFR 164.502(a)HIPAA Privacy Rule Uses and disclosure of PHI without authorizationAll Federal health agencies/contractors which are Covered Entities or BA
PHIHLTHBasic45 CFR 164.310(a)(1)HIPAA Security Rule Physical SafeguardsAll Federal health agencies/contractors which are Covered Entities or BA
ePHIHLTHBasic45 CFR 164.306(a)HIPAA Security standards general rulesAll Federal health agencies/contractors which are Covered Entities or BA