Treatment of requests for additional restrictions on disclosure of PHI

by | Feb 22, 2010

Under HIPAA’s Privacy Rule, individuals may request additional restrictions on uses and disclosures of their protected health information. However, covered entities are not bound to agree to any restriction.

If the restriction is accepted, covered entities must abide by it except in emergency situations where a use or disclosure is necessary to provide treatment and those to whom the restricted information is disclosed must be asked not to redisclose it.

It must be noted here that such restrictions do not apply to the broad “fourth class” of uses and disclosures for which no consent, authorization nor opportunity to agree or object is required. These uses and disclosures include:

* Public health
* Abuse
* Neglect or domestic violence reporting
* Health oversight
* Judicial or administrative proceedings
* Law enforcement
* Research under Privacy Board or IRB waiver
* Immediate threats to public safety
* National security
* Government functions
* Uses and disclosures otherwise required by law.

A covered entity may terminate its agreement to a restriction, if the:

* individual agrees to or requests the termination in writing;
* requests such a termination orally (there oral declaration must still be documented); or
* covered entity informs the individual that it is terminating its agreement to a restriction. Here, the termination is only effective for protected health information created or received after the individual has been informed.

3-Steps to HIPAA Compliance

Step 1 : Download Checklist.

Step 2 : Review Your Business

Step 3 : Get Compliant!

Our HIPAA compliance checklist will outline everything your organization needs to become fully HIPAA compliant. Fill in the form below to download it now.

View our privacy policy