Permitted Disclosure and Uses of Information Under HIPAA Privacy Rule
Health Care or Medical providers who fall under the group of ‘covered entities’ have the permission, but not the requirement, under the HIPAA Privacy Rule, to disclose and use Protected Health Information (PHI) without the authorization of the individual concerned, under a given set of circumstances. These are listed here below:
- Payment, Treatment and Health Care Operations:
This basically refers to the covered entity disclosing PHI for its own, internal purposes of payment, treatment and health care operations that the individual might be in need of.
- Incidental Disclosure and Use:
So long as the information being disclosed is limited to the ‘minimum necessary’ as per the HIPAA Privacy Rule, and the covered entity applies reasonable safeguards in its disclosure and use of PHI, HIPAA Privacy Rule does not require that every risk of an incidental use be eliminated.
- Disclosure to the individual
This is the individual to whom the record refer to.
- Disclosure for the Interest and Benefit of the Public
For more information on What is HIPAA Permitted Disclosure and Uses of Information Under HIPAA Privacy Rule.