The HIPAA Privacy Rule identifies two specific instances where covered entities are required to disclose an individual's PHI: to the individual and to the Secretary of the U.S. Department of Health and Human Services. In addition to these required disclosures, the Privacy Rule allows a covered entity to disclose an individual’s PHI to a family member involved in the individual’s care or payment for their care, without the individual’s written authorization. However, in most circumstances the individual should be given an opportunity to agree with the disclosure, restrict the disclosure, or provide oral agreement to the disclosure. We invite you to learn more about the required disclosure of PHI and disclosures to family members under HIPAA.
Read our Myth Buster on Required Disclosures under HIPAA here
Read our Myth Buster on Patient and Family Access to PHI under HIPAA here
.png)