When can a covered entity use or disclose PHI without an authorization?Covered entities may also use and disclose protected health information without individual authorization for certain public interest-related activities. These include: Oversight of the healthcare system, including licensing and regulation. Public health, and in emergencies affecting the life or safety.
What allows for disclosure of protected health information?Under HIPAA, a covered entity provider can disclose PHI to another covered entity provider for the treatment activities of the recipient health care provider, without needing patient consent or authorization. (45 CFR 164.506(c)(2).) Treatment (45 CFR 164.501) is broadly defined.
What safeguards does a covered entity need to protect information?Safeguards include such actions and practices as securing locations and equipment; implementing technical solutions to mitigate risks; and workforce training. The Privacy Rule's safeguards standard is flexible and does not prescribe any specific practices or actions that must be taken by covered entities.
Do Covered entities have to comply with the privacy Rule?Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.
|