Main ContentMCR Frequently Asked Questions
What is the Mississippi Cancer Registry?
The Mississippi Cancer Registry (MCR) is a population-based registry that collects information on cancer cases in Mississippi. In 1993, the Mississippi Legislature passed a law (Mississippi Code 41-91) mandating the collection of these data. Clinical laboratories, hospitals, physician's offices, cancer treatment centers and other healthcare providers are required to report diagnostic and treatment information to the MCR regarding cancer cases they diagnose or treat. The state law stresses the confidential nature of data released to the MCR.
What kind of cancer cases must be reported to MCR?
Refer the reportable list for cancers that must be reported.
What kind of data is collected?
MCR requires information which indicates diagnosis, stage of disease, medical history, patient demographics, laboratory data, tissue diagnosis and radiation, surgical or other methods of diagnosis or treatment for each cancer diagnosed or treated in Mississippi.
What about patient confidentiality?
Mississippi Code 41-91-1 preserves the confidentiality of the data reported to the MCR. Our staff is aware that behind the data we use every day are real people. Patient and institutional confidentiality must be maintained when mailing, faxing or discussing cases over the telephone.
Who is required to report to the MCR?
Anyone who diagnoses or treats cancer in Mississippi must report cases to the MCR.
How often do Mississippi facilities need to report cancer cases to the MCR?
The regulations established by the Mississippi State Department of Health require quarterly reporting. However, the MCR requests facilities to report monthly.
How are cases reported to the MCR?
Cases are reported electronically. The MCR follows nationally recognized reporting protocol to assure consistency in case reporting from facility to facility. Health facilities that see fewer than 25 cases each year are not required to report electronically. Instead, they may elect to submit the necessary information in a paper format for the MCR staff to enter cancer cases into the MCR database. The MCR does provide Mississippi reporting facilities with free internet-based, WebPlus, that meets the requirements for MCR reporting of cancer cases.
What is MCR data used for?
- To inform health professionals and educate citizens regarding specific cancer risks;
- To answer public questions and concerns about cancer;
- To focus cancer control activities in the state;
- To monitor the occurrence of cancer;
- To aid in research studies;
- To develop health services and screening programs.
What is the HIPAA Privacy Rule?
In 1996, the U.S. Congress passed a law requiring, among other things, uniform federal privacy protections for individually identifiable health information. This law is called the Health Insurance Portability and Accountability Act of 1996, or “HIPAA.” The U.S. Department of Health and Human Services recently issued a final “Privacy Rule.” Copies of the HIPAA Privacy Rule, as well as, helpful explanatory materials, may be found at the HHS Office of Civil Rights website.
What is a "covered entity" under HIPAA?
A "covered entity" is a healthcare plan, a healthcare clearinghouse or a healthcare provider who transmits any health information in electronic form for financial and administrative transactions.
What is a “public health authority?”
A public health authority is an agency of the government acting under government authority with a public health function as part of its official mandate. Such agencies are authorized by law to collect or receive information for the purpose of public health surveillance. Because of the state mandate to collect cancer information, the Mississippi Cancer Registry qualifies as a public health authority.
Does HIPAA allow a covered entity to report information about cases of cancer to the Mississippi Cancer Registry?
Yes. Reporting information about cases of cancer in accordance with the Mississippi Law is permitted by HIPAA. The MCR is considered a public health authority, and as such, is authorized to obtain protected health information without patient consent.
Are covered entities required to sign ”business associate agreements” with MCR when they perform on-site abstracting and cancer data reporting?
No. HIPAA requires business associate agreements with groups or individuals who carry out healthcare functions on behalf of the covered entities, but the MCR staff act on behalf of the state-mandated public health program when they provide on-site abstracting and reporting services. Therefore, they are not business associates.
Must health care providers obtain patient permission to share health information about a patient?
No. Diagnostic, treatment and follow-up information may be exchanged by healthcare providers, providing they both have a medical relationship with the patient for this condition.
Doesn't HIPAA nullify the state law?
No. HIPAA does not obstruct any state law that supports or mandates the reporting of diseases or injuries for public health purposes.
If a public health authority is located in a different state from the covered entity, is it still OK under HIPAA to provide data?
Yes. The Mississippi Cancer Registry has interstate data-sharing agreements, which also include strict limits on use and disclosure of reported information.
Are private practice physicians still required to report new cancer cases?
Yes, in compliance with state reporting regulations. The central cancer registry has a reportable list that identifies which cancers are reportable.
Under HIPAA, will pathology laboratories be able to send new cancer case information to the state cancer registry?
Yes. Public health reporting under the authority of state law is specifically exempted from HIPAA rules.