A covered entity may use and disclose PHI for a number of different purposes and stay in compliance with HIPAA permitted uses and disclosures. It is always permitted to use and disclose PHI for treatment, payment and health care operations.
Sharing PHI for Treatment
Keep in mind that HIPAA was written to not only protect PHI but to assist treatment providers in caring for the patient without requiring patient authorization in order to share their PHI. For example, it is permissible to share PHI with health care providers who will treat the patient in their office or after hospital discharge. The sharing may be electronically and must be in a manner that is compliant with the Security Rule.
We now see the need to share data with health care providers for purposes of care coordination. This activity didn’t exist when HIPAA was written is now required by CMS and is part of a treatment plan. A health care provider may disclose PHI to another for this treatment purposes without patient authorization.
Contact us for more information on this important topic.