What does it mean to disclose PHI?

Covered entities may disclose protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen the threat (including the target of the threat).

What does confidential PHI mean?

Protected health information (PHI), also referred to as personal health information, is the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate …

When can PHI be used and disclosed?

In general, a covered entity may only use or disclose PHI if either: (1) the HIPAA Privacy Rule specifically permits or requires it; or (2) the individual who is the subject of the information gives authorization in writing.

Can PHI be disclosed to family members?

The Privacy Rule at 45 CFR 164.510(b) permits a health plan (or other covered entity) to disclose to a family member, relative, or close personal friend of the individual, the protected health information (PHI) directly relevant to that person’s involvement with the individual’s care or payment for care.

When can you share PHI?

Preventing a Health Threat or Harm In a situation that poses a serious and imminent threat to the safety of a person or the public, you can disclose a patient’s PHI to law enforcement, family members, and anyone else you believe can lessen or prevent the threat.

How can PHI be communicated?

Send PHI as a password protected/encrypted attachment when possible. In the subject heading, do not use patient names, identifiers or other specifics; consider the use of a confidentiality banner such as “This is a confidential medical communication”.

What are the 3 allowed uses of PHI?

Obtaining “consent” (written permission from individuals to use and disclose their protected health information for treatment, payment, and health care operations) is optional under the Privacy Rule for all covered entities.

When can you share PHI to family?

In this case, the covered entity may disclose PHI to the close family member or personal friend if it: Obtains the individual’s agreement (written or oral); Provides the individual with the opportunity to object to the disclosure (and the individual does not object); or.

When can an organization share PHI with others?

HIPAA allows you to share PHI both internally and with business associates if it helps with treatment, payment, or healthcare operations (TPO). TPO disclosures allow your organization to run smoothly without having to get authorization at every turn.

When can a Phi be disclosed to an individual?

PHI can be disclosed in response to a subpoena, discovery or other lawful process that is not accompanied by a court order if the party seeking the PHI has made reasonable efforts to notify the individual of the request, if the time for the individual to object has elapsed and if reasonable efforts have been made to secure a protective order.

What is the definition of “Phi”?

The information pertains to a person who has been deceased for more than 50 years. This means that a deceased person’s individually identifiable information is considered PHI that is protected by HIPAA for the first 50 years after death.  

Who must be aware of the Phi guidelines?

All employees of an organization that acts as a covered entity or business associate must be aware of these guidelines. It is always permitted to use and disclose PHI for treatment, payment and health care operations. If the reason for disclosing the PHI is not for one of these purposes an authorization must be obtained.

What is the Privacy Rule and how does it affect Phi?

The Privacy Rule allows covered entities to disclose necessary PHI without the individual?s authorization to a public health authority for the purpose of preventing or controlling disease, injury or disability.