MYTH: There are no required disclosures under HIPAA.
FACT: Covered entities are required to disclose protected health information to individuals and to HHS for compliance investigations.
The HIPAA Privacy Rule identifies a variety of purposes, such as treatment and public health, for which covered entities (such as health plans and most health care providers) and their business associates are permitted, but not required, to disclose or use an individual’s protected health information (PHI). The Privacy Rule only specifies two situations in which a covered entity or business associate is required to disclose PHI. Covered entities are required to disclose an individual’s PHI to that individual and to the Secretary of the US Department of Health and Human Services (HHS) for certain purposes. To learn more about required disclosures under HIPAA, please read our Myth Buster.
Enter the password to open this PDF file:
.png)