When Can I Disclose PHI?

Disclosing PHI
Share on facebook
Share on twitter
Share on pinterest

Every day, you share patients’ protected health information (PHI) to carry out tasks at work. However, is it okay to share PHI without the patient’s permission? In many cases, yes. HIPAA allows you to share PHI both internally and with business associates if it helps with treatment, payment, or healthcare operations (TPO). TPO disclosures allow your organization to run smoothly without having to get authorization at every turn. Furthermore, many of your organization’s daily activities are related to TPO.

Treatment Disclosures

Many people are cautious about sharing patients’ treatment information. However, withholding too much can cause gridlock that could lead to a patient’s harm. Therefore, HIPAA allows for many types of treatment disclosures, including:

  • Sharing lab and imaging results, patient visit notes, patient history, or other information to help continue a patient’s care
  • Talking with other staff members to help provide care
  • Discussing dosage with an external pharmacy or a treatment plan with a specialist
  • Ordering a test from a lab
  • Referring patients to third parties

Payment Disclosures

If you can’t share PHI, insurance companies can’t pay you, and you can’t send patients to collections for unpaid bills. Therefore, it’s important to know when you can share PHI for payment purposes. These include:

  • Determining eligibility or coverage
  • Billing patients
  • Managing claims
  • Completing collection activities

Operations Disclosures

There’s a fine line between sharing enough PHI to help operations and sharing more than what’s needed. The minimum necessary standard limits the PHI you share to only what’s needed to carry out an activity. Acceptable operations disclosures include:

  • Ensuring patient safety
  • Developing protocol
  • Completing training or compliance programs
  • Conducting quality assessments and improvement activities
  • Detecting fraud and abuse
  • Planning business activities and development

Furthermore, besides TPO disclosures, there are other situations when sharing PHI is okay.

Preventing a Health Threat or Harm

In a situation that poses a serious and imminent threat to the safety of a person or the public, you can disclose a patient’s PHI to law enforcement, family members, and anyone else you believe can lessen or prevent the threat. However, in some cases, disclosing PHI is not only permitted but required. For example, if a patient is a potential threat to themselves or others and tells a staff member, they must report it.

Therefore, it’s important to understand when you can – and should – share a patient’s PHI without their permission. Not only do you protect your own organization from a potential breach, you also protect the safety of the patient and the community.

For more information, contact us at support@hipaatrek.com.

Please share to your communities

Request A HIPAAtrek Demo

Compliance is complicated. Your compliance software doesn’t have to be. Schedule your demo today!
Learn about Hipaa

Join the HIPAA Huddle

The HIPAA Huddle is a monthly meeting for compliance officers and others with HIPAA oversight responsibility to meet LIVE in a collaborative  environment to work through a single issue or discuss best practices.