Skip to Content

Privacy and Confidentiality in Wisconsin

        Wisconsin law requires that identifiable information contained in patient health care records be kept confidential, unless the patient provides informed consent to disclose the information to specific people or entities.1 A patient’s parents, guardian, or representatives may access a patient’s health care records and consent to the disclosure of such records if the patient is a minor or is incapacitated.2 Public use data files submitted to the Department of Health Services must not contain patient or employer identifying information, such as zip codes or race/ethnicity information.3  Wisconsin also requires its Department of Health Services to take steps to protect patient identifying data in data collection and dissemination.  The law requires that data be aggregated and that specific identifying elements be removed.  Furthermore, the law only allows the Department of Health Services to disclose patient identifying data to an agent of the Department, health care provider for verification purposes, or federal or state entity for epidemiological research.4  Wisconsin regulations specify information that is considered patient identifying, and therefore confidential, such as the patient’s date of birth, patient’s employment status, and hospitalization dates.5  Wisconsin law also protects the confidentiality of treatment records for mental illness, alcohol or drug abuse patients, and prohibits the disclosure of patient identifying information.6  In order to disclose whether a person is receiving any such treatment, a patient’s written informed consent must be given, except in limited circumstances, such as program evaluation, research or to law enforcement.7

        Wisconsin generally requires a person to authorize the release of their drug or disease test results. For example, employers may only access their employee’s genetic test results if the employee consents.8 However, Wisconsin requires providers to report, without the test subject’s consent, positive drug test results to a child welfare agency whenever the test subject is the mother of an infant or an expectant mother.9 Additionally, the results of HIV tests may be released without the test subject’s consent to various persons that need to information because they have been exposed to the test subject’s bodily fluid or the information is necessary to ensure their safety.10

        State law also prohibits the use or disclosure of information obtained regarding Medicaid patients or applicants not connected to the administration of benefits.11  Wisconsin also gives similar protections to information regarding Medicare beneficiaries or applicants.12  A number of Wisconsin’s privacy regulations also apply to private health insurance companies.  Insurers must provide a clear and conspicuous notice outlining their privacy policies regarding nonpublic personal financial information to customers.13  The law also requires insurers to provide consumers notice of their right to opt-out of disclosure of nonpublic personal financial information to third parties.14  The law provides certain exceptions for these requirements.15  Insurers are also prohibited from disclosing a consumer’s nonpublic health information unless the insurer obtains an authorization to disclose or the disclosure is for the performance of insurance functions.16  Wisconsin also prohibits insurers from disclosing a consumer’s policy number or similar account code to any nonaffiliated third party for any type of marketing purposes.17

        Publicly reported disease specific data is also subject to confidentiality laws in Wisconsin.  For example, all reports pertaining to sexually transmitted diseases must remain confidential and are not open to public inspection.18  Reports made to the Department of Human Services’ Division of Maternal Child Health regarding birth defects are subject to similar confidentiality requirements.  However, individually identifiable information may be released in some limited circumstances, such as for verification or research purposes.19  Individually identifiable cancer reports must also be kept confidential and cannot be disclosed unless it is to a central registry or for research purposes.20

        Wisconsin does allow certain persons and entities to access, in limited circumstances, patient health records and disclose information contained therein without the patient’s consent. Wisconsin also allows the disclosure of patient health information for purposes of quality and utilization review, but quality and utilization review organizations that access such information must keep it confidential.21

        

Footnotes

  • 1. W.S.A. § 49.498; W.S.A. § 51.61; W.S.A. 146.82
  • 2. W.S.A. § 54.25
  • 3. Wis. Admin. Code DHS §120.26
  • 4. W.S.A. 153.50
  • 5. Wis. Admin. Code DHS §120.30
  • 6. W.S.A. § 51.45(14)
  • 7. Wis. Admin. Code DHS §92.03; Wis. Admin. Code DHS §92.04; Wis. Admin. Code DHS §94.14
  • 8. W.S.A. § 942.07
  • 9. W.S.A. § 146.0255
  • 10. W.S.A. § 252.15
  • 11. W.S.A. 49.45
  • 12. Wis. Admin. Code DHS §109.74; Wis. Admin. Code DHS §109.51
  • 13. Wis. Admin. Code Ins. §25.10
  • 14. Wis. Admin. Code Ins. §25.17
  • 15. Wis. Admin. Code Ins. §25.60
  • 16. W.S.A. 610.70; Wis. Admin. Code Ins. §25.70
  • 17. Wis. Admin. Code Ins. §25.40
  • 18. W.S.A. 252.11; W.S.A. § 252.12; W.S.A. § 253.13
  • 19. W.S.A. § 48.371; W.S.A. § 153.45; W.S.A. 253.12; Wis. Admin. Code DHS §116.05
  • 20. W.S.A. 255.04
  • 21. W.S.A. § 146.38

 

Privacy and Confidentiality in Wisconsin

Subtopic Statute/Regulation Description
Insurer and Medicaid/Medicare confidentiality requirements, including disclosure laws (Cross reference Medicaid Data, Medicare data, and private insurance data requirements) Annual privacy notice to customers required – Wis. Admin. Code Ins §25-13 An insurer must provide a clear and conspicuous notice outlining its privacy policies regarding nonpublic personal financial information to customers...
Authorizations – Wis. Admin. Code Ins §25-73 A valid authorization to disclose nonpublic health information can be either written or in electronic format.  The authorization must include...
Disclosure of personal medical information – Wis. Stat. Ann. § 610.70 The law sets forth standards that any disclosure form to any insurer authorizing the disclosure of personal medical information must follow. ...
Disclosure of personal medical information – Wis. Stat. Ann. § 610.70 The law sets forth standards that any disclosure form to any insurer authorizing the disclosure of personal medical information must follow. ...
Disclosure without informed consent – Wis. Admin. Code DHS §92-04 Disclosure without informed consent The following instances allow for the disclosure of treatment records without the patient's informed consent...
Exception to notice and opt-out requirements for disclosure of personal financial information – Wis. Admin. Code Ins §25-55 Exception to notice and opt-out requirements for disclosure of nonpublic personal financial information for processing and servicing transactions The...
Exception to opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing – Wis. Admin. Code Ins §25-50 The opt-out requirements in Wis. Admin. Code §Ins. 25.17 do not apply when an insurer provides nonpublic personal financial information to any...
Form of opt out notice to consumers and opt out methods – Wis. Admin. Code Ins §25-17 If an insurer is required to provide an opt-out notice, it must do so with a clear and conspicuous notice to consumers.  The notice must include...
Information to be included in privacy notices – Wis. Admin. Code Ins §25-15 Information to be included in privacy notices This law states what information needs to be included in privacy notices that insurers are required to...
Initial privacy notice to consumers required – Wis. Admin. Code Ins §25-10 An insurer must provide a clear and conspicuous notice outlining its privacy policies regarding nonpublic personal financial information to customers...
Limits on re-disclosure and reuse of nonpublic personal financial information – Wis. Admin. Code Ins §25-35 If an insurer receives nonpublic personal financial information from an unaffiliated financial institution under an exception provided by law, the...
Limits on sharing account number information for marketing purposes – Wis. Admin. Code Ins §25-40 An insurer is not allowed to disclose directly or through an affiliate, a policy number or similar account code to any nonaffiliated third party for...
Nondiscrimination – Wis. Admin. Code Ins §25-90 An insurer may not discriminate against a consumer because the consumer has opted out of disclosure of his or her nonpublic personal financial...
Other exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information – Wis. Admin. Code Ins §25-60 Other exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information The notice requirement in Wis....
Patient data elements considered patient-identifiable – Wis. Admin. Code DHS §120-30 The Department of Health Services may not release or provide access to information that is patient identifying.  Those who are authorized to and...
Patient rights – Wis. Admin. Code DHS §133-08 A home health agency must provide each patient with a written notice of the patient’s rights before services are provided.  Each patient...
Provider responsibility – Wis. Admin. Code DHS §109-51 Senior care provider responsibilities This law sets forth the responsibilities for certified Senior Care providers.  The law states that...
Revised Privacy Notices – Wis. Admin. Code Ins §25-20 An insurer may not disclose a consumer’s nonpublic personal financial information to a third party other than what is described in the initial...
Safeguarded Information – Wis. Admin. Code DHS §109-74 Safeguarded Information The Department of Health Services may not use or disclose any information regarding current or past participants in the...
When authorization required for disclosure of nonpublic personal health information – Wis. Admin. Code Ins §25-70 When Authorization Required for Disclosure of Non-Public Personal Health Information An insurer is not allowed to disclose a consumer's nonpublic...
Confidentiality and disclosure requirements of public health reporting information (disease specific information/registry data) (Cross reference to Public Health Reporting) Birth defect prevention and surveillance system – Wis. Stat. Ann. § 253.12 Birth Defect Prevention and Surveillance System This law sets forth the rules for reporting of birth defects, the department of health's duties and...
Cancer reporting – Wis. Stat. Ann. § 255.04 Hospitals, physicians, and certified laboratories are required to report cases of cancer to the state through the Wisconsin Cancer Reporting System (...
Confidentiality – Wis. Admin. Code DHS §116-05 The Department must maintain the confidentiality of any information in the Wisconsin birth defect prevention and surveillance reporting system....
HIV and related infections, including hepatitis C virus infections; services and prevention – Wis. Stat. Ann. § 252.12 HIV and related infections, including Hepatitis C Virus Infections; Services and Prevention This regulation sets forth the requirements for the...
Induced abortion reporting – Wis. Stat. Ann. § 69.186 Induced Abortion Reporting This law requires that before January 15th of every year, each hospital, clinic or facility in which an induced abortion...
Release of data by department – Wis. Stat. Ann. § 153.45 The department of health services must release health care data that has been verified, reviewed, and commented upon in standard reports and public...
Reporting of Birth Defects – Wis. Admin. Code DHS §116-04 Providers who diagnose or treat a child with a birth defect or those who diagnose or treat a child with a suspected birth defect must report the...
Restrictions on use of an HIV test – Wis. Stat. Ann. § 252.15 Informed Consent Health care providers, blood banks, and plasma centers (“providers”) must take the following actions prior to...
Sexually transmitted disease – Wis. Stat. Ann. § 252.11 Sexually Transmitted Disease This law requires that any physician or health care professional treating a person infected by a sexually transmitted...
Testing infants for controlled substances or controlled substance analogs – Wis. Stat. Ann. § 146.0255 Health care providers employed by hospitals, social workers, and intake workers that suspect that an infant or expectant mother has a controlled...
Tests for congenital disorders – Wis. Stat. Ann. § 253.13 Tests for Congenital Disorders Physicians or nurses that attend to births in hospitals or maternity homes must test an infant's blood for "congenital...
Disclosure requirements (what providers can disclose, prohibition on further disclosure) Confidentiality of patient health care records – Wis. Stat. Ann. § 146.82 All identifiable health information is confidential and the release of such information requires consent of the patient, except under very limited...
Medical assistance; administration – Wis. Stat. Ann. § 49.45 Medical Assistance; Administration This law sets forth the detailed instructions to the Department of Health Services on running the state's Medical...
Protection of Patient Confidentiality – Wis. Stat. Ann. § 153.50 Protection of patient confidentiality This section lays out steps that the Department of Health Services (or the contracted data collection entity)...
Public Use Files – Wis. Admin. Code DHS §129-29 Public use data files provided by providers other than hospitals or ambulatory surgical centers may not disclose patient or employer identifying...
Records – Wis. Stat. Ann. § 51.30 Records A client may give informed consent to the disclosure of information related to their substance abuse treatment in writing provided that the...
Release of data by department – Wis. Stat. Ann. § 153.45 The department of health services must release health care data that has been verified, reviewed, and commented upon in standard reports and public...
Patient’s right to confidentiality of medical records/medical information Confidentiality of patient health care records – Wis. Stat. Ann. § 146.82 All identifiable health information is confidential and the release of such information requires consent of the patient, except under very limited...
General requirements – Wis. Admin. Code DHS §92-03 All treatment records (for mental illness, alcohol or drug abuse) or spoken information that identifies a patient are confidential.  Personal...
Patients rights – Wis. Stat. Ann. § 51.61 Patients Rights When patients are admitted or committed, they must be informed orally and in writing of his/her rights.  These rights include...
Records – Wis. Stat. Ann. § 51.30 Records A client may give informed consent to the disclosure of information related to their substance abuse treatment in writing provided that the...
Requirements for skilled nursing facilities – Wis. Stat. Ann. § 49.498 Requirements for Skilled Nursing Facilities This law sets forth a number of administrative requirements for skilled nursing facilities.  First,...
Resource centers for Provision of Social Services – Wis. Stat. Ann. § 46.283 Resource Centers for Provision of Social Services Resource centers are created through contracts with the DHS and counties, long-term care districts...
Disclosure of health information pursuant to court order or subpoena Disclosure without informed consent – Wis. Admin. Code DHS §92-04 Disclosure without informed consent The following instances allow for the disclosure of treatment records without the patient's informed consent...
Authorization for disclosure and exceptions to authorization requirements Health care services review; confidentiality of information – Wis. Stat. Ann. § 146.38 Wisconsin prohibits persons and organizations that conduct health care provider quality or utilization reviews from maintaining records related to...
Confidentiality and disclosure requirements of peer review information (Cross reference to Medical Peer Review) Induced abortion reporting – Wis. Stat. Ann. § 69.186 Induced Abortion Reporting This law requires that before January 15th of every year, each hospital, clinic or facility in which an induced abortion...
Confidentiality of genetic information Use of genetic tests – Wis. Stat. Ann. § 942.07 Employers, labor organizations, employment agencies, and licensing agencies must obtain informed consent from their employee, member, licensee, or...
Violations of confidentiality; penalties Violations related to patient health care records – Wis. Stat. Ann. § 146.84 Any person who negligently violates the provisions governing access to or confidentiality of patient medical records will be liable to the injured...
Privacy and Confidentiality Wis. Admin. Code DHS §61-23 - Confidentiality of Records - Community Mental Health and Developmental Disabilities Services This law requires that programs that provide community mental health and developmental disabilities services maintain records on each recipient of...
Wis. Stat. Ann. § 153.55 - Protection of confidentiality The information collected and disseminated by the DHS and contracted entities from health care providers and hospitals under Wis. Stat. Ann. §...
Wis. Stat. Ann. § 153.78 - Penalties This law states the penalties for violating the confidentiality requirements for and limits on disclosure of patient health care information as set...
Wis. Stat. Ann. § 252.09 - Meningococcal disease and hepatitis B This law requires that each private college and university do the following: Provide information on risks of meningococcal disease and hepatitis...
Wis. Stat. Ann. § 252.25 - Violation of law relating to health This law provides a catch-all remedy for violation of any statute or rule under the Health Chapter of the Wisconsin Code.  The law states that...
Wis. Stat. Ann. § 253.115 - Newborn hearing screening This law requires that DHS annually collect information about the number of deliveries in each hospital and whether these hospitals have newborn...
Wis. Stat. Ann. § 256.25 - Statewide trauma care system This law requires that DHS develop and implement a statewide trauma care system. DHS is required to develop a method to classify all hospitals with...