The HIPAA Privacy Rule permits covered entities (i.e., health care providers, laboratories, and hospitals) to disclose protected health information, without authorization, to public health authorities who are legally authorized to receive such reports for the purpose of preventing or controlling disease, injury, or disability. Examples of public health authorities include the state and local health departments in New Jersey and the Centers for Disease Control.