HIPAA Tip: When It's OK to Share

HIPAA Tip: When It's OK to Share

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that sets rules about who can look at and receive an individual’s health information.
“Covered entities” that must follow the HIPAA regulations include health plans, most healthcare providers, and healthcare clearinghouses. Business associates of covered entities also must follow parts of the HIPAA regulations.
“Business associates” are generally contractors, subcontractors, and other outside persons and companies that need to be able to access individual health records held by a covered entity to provide a service. Examples of business associates include:

  • Billing companies
  • Companies that help administer health plans
  • Lawyers, accountants, and IT specialists
  • Data management companies

These covered entities and business associates must follow HIPAA regulations or face heavy fines and other penalties.
Generally, a covered entity cannot use or share an individual’s health information without written permission, unless the law allows for it.
Examples of when a provider can share patient information without written consent include:

  • When the information is necessary to provide treatment.
  • When not disclosing it would interfere with a disaster relief organization’s ability to respond to an emergency.
  • As necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public.
  • To relay information about a patient’s location in the facility and general condition.

Providers also may share patient information to the extent necessary to seek payment for services rendered.
Source: www.hhs.gov/hipaa/for-professionals/faq/960/can-health-care-information-be-shared-in-a-severe-disaster/index.html

Renee Dustman
Follow me
Latest posts by Renee Dustman (see all)

About Has 730 Posts

Renee Dustman, BS, AAPC MACRA Proficient, is managing editor - content & editorial at AAPC. She holds a Bachelor of Science degree in Media Communications - Journalism. Renee has more than 30 years' experience in journalistic reporting, print production, graphic design, and content management. Follow her on Twitter @dustman_aapc.

No Responses to “HIPAA Tip: When It's OK to Share”

  1. Anonymous says:

    Since persons with HIV or AIDs are a protected class, does your comment of, “As necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public.” apply in the instance where you know that your patient is HIV+ and their partner is unaware that they and their newborn baby are potentially affected with HIV? The patient refuses to disclose. Does this rule on HIPAA apply for the physician to be able to disclose to the other parent of the baby?

  2. Renee Dustman says:

    That is a very good question. I will seek an answer for you from a more qualified source than myself.

  3. Renee Dustman says:

    In consulting with Michael D. Miscoe, Esq., CPC, CASCC, CUC, CCPC, CPCO, CPMA, AAPC National Advisory Board President-Elect, AAPC Legal Advisory Board, AAPC Ethics Committee Chair, and AAPC Certified ICD-10 Trainer, it would appear your best course of action would be to consult with a healthcare attorney licensed in the state in which you practice. Mr. Miscoe will address this question in more detail in an upcoming issue of Healthcare Business Monthly.