Frequently Asked Questions About STD and HIV Reporting
Download version formatted for print: FAQ About STD and HIV Reporting (PDF)
Disclaimer of Legal Advice: The following is MDH's analysis of how the Minnesota Sexually Transmitted Disease Reporting requirements interact with the Health Insurance Portability and Accountability Act (HIPAA), privacy rules, 45 CFR 160 and 164. This is not legal advice and you should not rely on it as legal advice. Consult with a lawyer for legal advice.
On This Page:
Who is required to report STDs and HIV to the Minnesota Department of Health (MDH)?
What conditions are reportable?
What information must be included?
How can I report STDs or HIV to MDH?
Can I still disclose this information under HIPAA?
Is written consent by the patient required to release this information?
1. Who is required to report STDs and HIV to the Minnesota Department of Health (MDH)?
- Health care facilities
- Medical laboratories
2. What conditions are reportable?
Laboratory confirmed cases of:
Presumptive and confirmed cases of:
- Hepatitis B
- Any other reportable condition
Ongoing HIV laboratory results:
- All CD4+ lymphocyte counts and percents
- All HIV viral detection laboratory tests, including undetectable results
3. What information must be included?
The case report must include as much of the following information about the patient as is known:
- Date of Birth
- Date of specimen collection
- Treatment prescribed or dispensed
- Treatment date
- Physician name
- Phone number
- Other information pertinent to the case
4. How can I report STDs or HIV to MDH?
Any reportable infectious disease may be reported by phone to 651-201-5414 or 877-676-5414, or by filling out a confidential case report form.
HIV/AIDS Confidential Case Report Forms
Includes adult, pediatric, & perinatal forms
If you have questions about reporting or filling out a case report form please call 651-201-5414 or 877-676-5414
5. Can I still disclose this information under HIPAA?
YES. Public health reporting mandated by law is not changed by HIPAA. In fact, HIPAA expressly permits protected health information (PHI) to be shared for specified public health purposes. The HIPAA Privacy Rule allows covered entities to disclose PHI to public health authorities when required by federal, tribal, state, or local laws [45 CFR § 164.512(a)]. This includes state statutes and rules that provide for reporting of disease or injury, child abuse, birth or death, or conducting public health surveillance, investigation, or intervention. For disclosures not required by law, covered entities may still disclose PHI, without individual authorization, to a public health authority legally authorized to collect or receive the information for the purpose of preventing or controlling disease, injury, or disability [45 CFR § 164.512(b)]. (Centers for Disease Control and Prevention. HIPAA Privacy Rule and Public Health: Guidance from CDC and the U.S. Department of Health and Human Services. MMWR 2003; 52(Supl):8.)
6. Is written consent by the patient required to release this information?
NO. Under the HIPAA privacy rules, no patient authorization or consent form is required for mandated reporting [45 CFR § 164.512(a)] or for public health activities [45 CFR § 164.512(b)].
7. Applicable Rules
See Minnesota Rules, Chapter 4605 (https://www.revisor.mn.gov/rules/?id=4605) on the Office of Revisor of Statutes website to view the Minnesota Communicable Disease Rule.
Content Notice: This site contains HIV or STD prevention messages that may not be appropriate for all audiences. Since HIV and other STDs are spread primarily through sexual practices or by sharing needles, prevention messages and programs may address these topics. If you are not seeking such information or may be offended by such materials, please exit this web site.