The Hipaa Security And Privacy Rules

1037 Words Sep 5th, 2015 5 Pages
1. List when PHI can and cannot be disclosed:
The HIPAA Security and Privacy Rules mandate that healthcare providers and organizations and their respective business associates abide by HIPAA rules when they create and follow procedures that must be transmitted, obtained, handled, or shared. In addition, during these processes, the confidentiality and security of all protected health information (PHI) must be achieved and maintained (Hernandez, 2015). Moreover, there are instances when PHI can and cannot be disclosed. Stanford (n.d) differentiates between information that is “shared” and “disclosed.” Shared applies to PHI utilized within the covered entity; whereas, “disclosed” pertains to PHI shared outside of the covered entity (Stanford, n.d). Furthermore, Stanford (n.d.) states that according to the Privacy Rule, it consents employing or disclosing PHI for the following purposes:
• For treatment (including treatment in the course of research);
• For payment;
• For health care operations (including education programs);
• With authorization by the individual;
• When compelled by law
Moreover, Hernandez (2015) provided additional situations when PHI can be disclosed. These are:
• To perform work defined in the contract between a covered entity and its business associate.
• To the individual that the information is about (once the verification process has been achieved).
• With a third person with the individual’s permission.

Upon further investigation, there are…
Open Document