If permitted by law, we may share your PHI to a person who has been exposed to a communicable illness or is otherwise at risk of developing or spreading the disease or condition. This might include a family member or friend of yours.
We may also disclose your PHI if you have been identified as a potential victim or witness in a criminal investigation or proceeding. We will notify you before we do so.
Finally, we may disclose your PHI if we believe it is necessary for medical treatment or other health care purposes. For example, we may disclose your PHI if you report that you have been injured in an accident and require hospitalization. In this case, we would share information with the responsible party on your behalf.
You will usually receive notice when your PHI is about to be released or disclosed, either publicly or privately. If not, please contact us at
We are required by law to maintain the privacy of your medical records. Therefore, we cannot release information that might identify you personally. However, in certain cases, such as when you have been involved in a crime or are suspected of being infected with a communicable disease, our legal duty to protect patient privacy may supersede your right to keep your identity secret.
In general, a covered organization may use or disclose PHI only if (1) the HIPAA Privacy Rule expressly authorizes or requires it, or (2) the individual who is the subject of the information provides written authority. Please keep in mind that this blog only covers HIPAA; additional federal or state privacy rules may apply.
An example where the Secretary would likely express authorization for an organization to release protected health information are situations where the organization is acting as a business associate of its client. In such cases, the organization would be authorized to release PHI when necessary to fulfill its role as a business associate. For example, an organization that performs credit checks on applicants for employment may be required by its client to review applicant records to determine whether they meet with the client's approval. The organization would be permitted to release applicant's names and other identifying information to its client as part of this process.
Another example where the Secretary would likely provide authorization is where the individual who is the subject of the information gives his or her consent. For example, an individual who has been given permission to receive his or her medical records at another hospital may be able to authorize that hospital to disclose those records to others as needed to provide appropriate treatment.
Finally, there are some instances where it is believed that disclosure is warranted but no specific authorization has been provided.
You can release PHI without patient agreement in the following circumstances: coroner's investigations, court litigation, reporting infectious illnesses to a public health department, and reporting gunshot and knife wounds.
If PHI cannot be used to identify a person, information can be released without authorisation. Yes, the HIPAA privacy regulation REQUIRES the covered organization to authenticate the identity and authorization of the individual requesting the PHI. Yes, otherwise you risk disclosing PHI to the incorrect person. If in doubt, contact your legal counsel or industry representative.
Only when an individual can be recognized from the information is PHI considered PHI. When all identifiers are removed from health data, it no longer qualifies as protected health information, and the limits on uses and disclosures imposed by the HIPAA Privacy Rule no longer apply. What exactly is PHI? Protected Health Information (PHI) is any information, including medical records and files, that relate to you or your family member's past or present physical or mental health conditions, including cancerous tumors, diseases, complications, injuries, mental disorders, functional limitations, and death. This includes information collected by a health care provider during a routine health checkup or treatment. It also includes information received from other sources about you or your family member, such as reports by schools or employers about bullying behaviors or substance abuse issues.
In addition to removing all identifying information from health data, another way to determine if something is PHI is by asking yourself whether you would want someone who did not work for your health care provider to have it. If not, it's probably not PHI. However, even if you give permission for certain people to see this information, you can change your mind at any time. You should know that even if you tell your doctor you want your HIV status kept private, that doesn't mean that his or her office will respect your wishes. They may disclose your information without your consent if they feel like it could help save your life.
PHI is any information in a medical record or designated record set that may be used to identify an individual that was made, used, or disclosed in the process of delivering a health care service, such as diagnosis or treatment. This might include name, address, phone number, social security number, and/or other sensitive personal information.
Phi identifiers are codes that are used to identify individuals within the PHI system. These codes are usually four to six digits long and are used instead of names when data must be matched back to its source. Examples of PHI identifiers include patient identification numbers, physician identification numbers, and hospital identification numbers.
The use of phi identifiers is required by federal law to protect patients' privacy (HIPAA). The three main purposes for using these identifiers are finding specific records on an individual, linking records from different institutions, and preventing re-identification of previously identified individuals.
Individuals' records must be excluded from PHI if they cannot give informed consent. If you know or suspect that an individual has been exposed to radiation, taken drugs that can harm your unborn child, had their organs transplanted, or is otherwise unable to give consent, their records should be excluded from PHI. Individuals' records can also be excluded if they have a mental impairment that prevents them from giving consent or if they are under age 18.