PRIA Logo
Take the PRIA Score
Title 42The Public Health and WelfareRelease 119-73

§17936 Conditions on certain contacts as part of health care operations

Title 42 › Chapter CHAPTER 156— - HEALTH INFORMATION TECHNOLOGY › Subchapter SUBCHAPTER III— - PRIVACY › Part Part A— - Improved Privacy Provisions and Security Provisions › § 17936

Last updated Apr 6, 2026|Official source

Summary

When a doctor, hospital, or their business partner sends a message that tries to sell or promote a product or service, that message usually is not treated as a routine health-care business activity under federal privacy rules—unless the message is one of the specific types listed in the HIPAA marketing rules. If the covered entity gets paid to send such a marketing message, it still won’t count as routine business only in these cases: the message only talks about a drug or biologic the person already has a prescription for and the payment is reasonable; the covered entity itself sends the message and the person gave a valid written permission; or a business associate sends the message for the covered entity and follows their written contract. “Reasonable in amount” will be defined by the Secretary. Payments for medical treatment are not treated as a “direct or indirect payment.” Written fundraising messages that are treated as routine health-care business must include a clear way for the person to opt out, and opting out counts as revoking permission. These rules apply to written messages sent on or after the effective date in section 13423.

Full Legal Text

Title 42, §17936

The Public Health and Welfare — Source: USLM XML via OLRC

(a)(1)A communication by a covered entity or business associate that is about a product or service and that encourages recipients of the communication to purchase or use the product or service shall not be considered a health care operation for purposes of subpart E of part 164 of title 45, Code of Federal Regulations, unless the communication is made as described in subparagraph (i), (ii), or (iii) of paragraph (1) of the definition of marketing in section 164.501 of such title.
(2)A communication by a covered entity or business associate that is described in subparagraph (i), (ii), or (iii) of paragraph (1) of the definition of marketing in section 164.501 of title 45, Code of Federal Regulations, shall not be considered a health care operation for purposes of subpart E of part 164 of title 45, Code of Federal Regulations if the covered entity receives or has received direct or indirect payment in exchange for making such communication, except where—
(A)(i)such communication describes only a drug or biologic that is currently being prescribed for the recipient of the communication; and
(ii)any payment received by such covered entity in exchange for making a communication described in clause (i) is reasonable in amount;
(B)each of the following conditions apply—
(i)the communication is made by the covered entity; and
(ii)the covered entity making such communication obtains from the recipient of the communication, in accordance with section 164.508 of title 45, Code of Federal Regulations, a valid authorization (as described in paragraph (b) of such section) with respect to such communication; or
(C)each of the following conditions apply—
(i)the communication is made by a business associate on behalf of the covered entity; and
(ii)the communication is consistent with the written contract (or other written arrangement described in section 164.502(e)(2) of such title) between such business associate and covered entity.
(3)For purposes of paragraph (2), the term “reasonable in amount” shall have the meaning given such term by the Secretary by regulation.
(4)For purposes of paragraph (2), the term “direct or indirect payment” shall not include any payment for treatment (as defined in section 164.501 of title 45, Code of Federal Regulations) of an individual.
(b)The Secretary shall by rule provide that any written fundraising communication that is a healthcare operation as defined under section 164.501 of title 45, Code of Federal Regulations, shall, in a clear and conspicuous manner, provide an opportunity for the recipient of the communications to elect not to receive any further such communication. When an individual elects not to receive any further such communication, such election shall be treated as a revocation of authorization under section 164.508 of title 45, Code of Federal Regulations.
(c)This section shall apply to written communications occurring on or after the effective date specified under section 13423.11 See References in Text note below.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

References in Text

section 13423, referred to in subsec. (c), means section 13423 of div. A of Pub. L. 111–5, which is set out as an

Effective Date

note under section 17931 of this title.

Statutory Notes and Related Subsidiaries

Effective Date

Section effective 12 months after Feb. 17, 2009, except as otherwise specifically provided, see section 13423 of Pub. L. 111–5, set out as a note under section 17931 of this title.

Reference

Citations & Metadata

Citation

42 U.S.C. § 17936

Title 42The Public Health and Welfare

Last Updated

Apr 6, 2026

Release point: 119-73