ComplianceOnline

HIPAA Privacy Rule - Permitted Uses and Disclosures


A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations:

  1. To the Individual (unless required for access or accounting of disclosures);
  2. treatment, payment, and Health Care Operations;
  3. Opportunity to Agree or Object;
  4. Incident to an otherwise permitted use and disclosure;
  5. Public Interest and Benefit Activities; and
  6. Limited Data Set for the purposes of research, public health or health care operations