The Health Insurance Portability and Accountability Act (HIPAA) provide standards that must be observed in the use and sharing of patients’ information. Because of the danger that the abuse of patients information may pose to the patients, the Health Insurance Portability and Accountability Act (HIPAA) ensures that every patient receiving medical attention by a Covered Entity (CE) or a Business Associate (BA) is well protected.
A Covered Entity (CE) or Business Associate (BA) may sometimes disclose or share with the public or another individual any information about a patient if the information disclosed or shared is needed to prevent imminent danger or lessen it in any way. However, this information can only be shared with someone who is believed to be able prevent or lessen the threat, this also includes the person the threat is targeted at. As a Covered Entity (CE) or Business Associate (BA), you are allowed to share such information to law enforcement agencies if the information is needed to stop a criminal or an outbreak or any form of violence.
A Covered Entity (CE) is also allowed to with an informal permission from the patient to include the patient’s personal details in its directories if the health care providing facility maintains directory of patients. This personal information also includes the patient’s location in the facility and medical condition. Sometimes religious affiliation can be included.
You can get this informal permission from the patient by asking the patient outright, or by circumstances that clearly give the individual the chance to agree, acquiesce, or object.
Sometimes a patient may be incapacitated or in an emergency condition or even unavailable to grant permission. In this case the Covered Entity (CE) can share the patient’s Protected Health Information (PHI) if it is for the best interest of the patient.
To a foreign government agency (at the direction of a public health authority) that is acting in collaboration with the public health authority.31
To persons at risk of contracting or spreading a disease or condition if other law, such as state law, authorizes the CE to notify such individuals as necessary to prevent or control the spread of the disease.
Health information of an individual that has been deceased for more than 50 years is not PHI and therefore not subject to the Privacy Rule use and disclosure standards. You may use and disclose the information without patient authorization.