When and what information can a covered entity use or disclose PHI without a patient's authorization?
A covered entity, such as a health care provider may not use or disclose PHI without an individual's written authorization, except if permitted or required by the Privacy Rule. There are a few instances in which a covered entity can use or disclose an individual's PHI without obtaining authorization.
Summary of the HIPAA Privacy Rule: Authorized Uses and Disclosures - Developed by the Office for Civil Rights at the U.S. Department of Health and Human Services (2003). This site provides a summary of the HIPAA Privacy Rule.
E-mail the HealthIT e-mail box: email@example.com