Health Data Classification: Medical Information
In the realm of healthcare, it is essential to understand the Controlled Unclassified Information (CUI) authorities that govern the handling of sensitive data. These authorities are established by various statutes and regulations, and locating them can be a straightforward process.
Firstly, it is important to know that a "health care provider" is an entity that offers healthcare services to individuals.
The primary method for finding CUI authorities mentioned in a text is by consulting the CUI Registry on the National Archives website. This Registry provides direct links from each CUI safeguarding and dissemination authority citation to the original statute, regulation, or government-wide policy that authorizes controlling that information as CUI.
For instance, if a text cites a "Safeguarding and/or Dissemination Authority" such as a United States Code section like 22 USC 286f, the CUI Registry links directly to the relevant statute or regulation text that establishes the CUI category and control. Sanctions authorities listed alongside specify the applicable penalties and reference the corresponding statutes or regulations.
Starting with the CUI Registry at the National Archives website’s category detail pages, such as https://www.archives.gov/cui/registry/category-detail/international-financial-institutions, allows one to systematically locate source documents for all referenced CUI authorities.
If the specific text includes citations to statutes or regulations by number, such as 22 USC 286f(c), use these identifiers in the Registry or official legal databases such as the United States Code, Code of Federal Regulations, or Federal Register to find the original documents.
It is worth noting that no universal repository holds all CUI authority source documents en masse besides the cited Registry and official code sources maintained by the government. Therefore, the recommended process is to:
- Identify the authority citation(s) in the text.
- Search the CUI Registry for those citations, where clickable links to the authoritative source documents are provided.
- If needed, access official legal publication sites to view or download the full statutory or regulatory texts.
This approach ensures authoritative and up-to-date source documents regarding CUI authorities.
Some examples of CUI authorities related to healthcare include 42 USC 290dd-2(a) and 42 USC 242m(d), which are basic authorities with the banner marking CUI. The term "health information" can be in oral or recorded form and in any medium, and is defined under 42 USC 1320d(4) as any information created or received by certain entities that relates to an individual's physical or mental health, healthcare provision, or healthcare payment.
The category marking for health information is HLTH, and the entities that fall under this definition include health care providers, health plans, public health authorities, employers, life insurers, schools or universities, and health care clearinghouses.
In addition to basic authorities, there are also specified authorities with the banner marking CUI//SP-HLTH. For example, 42 CFR 2.13(c) is a basic authority with this banner marking.
The banner marking CUI stands for Controlled Unclassified Information, and the banner marking CUI//SP-HLTH is an alternative for basic authorities in relation to health information.
By following these steps, you can ensure you are handling healthcare-related CUI in a secure and compliant manner.
- To locate CUI authorities relevant to health and wellness, you can consult the CUI Registry at the National Archives website, where you can find direct links to the statutes or regulations that establish CUI categories related to international financial institutions, such as health care-related CUI authorities, like 42 USC 290dd-2(a) and 42 USC 242m(d).
- With the help of the CUI Registry, you can identify and access source documents for all reference CUI authorities, including those relevant to health-and-wellness, like the banner marking CUI and CUI//SP-HLTH, which cover health information and entities like health care providers, health plans, and health care clearinghouses.
