This Policy 4 implements the portion of the HIPAA Privacy Standards that limits the System’s a bility to request, access, Use, or Disclose PHI, which, in most cases is based on the purpose of the intended request, access, Use, or Disclosure, and in many cases is limited to the minimum necessary PHI required for an intended purpose. This Section identifies when System can request, access, Use, and Disclose PHI and sets forth additional procedures for responding to requests for Uses and Disclosures under specific circumstances.
This Policy 4 consists of the following Sections:
Section 4.2 Access to System PHI
Section 4.3 Uses and Disclosures Required by Law
Section 4.4 Discretionary Uses and Disclosures Without An Authorization
4.4(1) Routine Uses and Disclosures Exempt from Prior Approval:
- Disclosure of an Individual’s Own PHI to that Individual
- Uses and Disclosures for the Purpose of Conducting Payment Operations
- Uses and Disclosures for the Purpose of Conducting Health Care Operations
- Uses and Disclosures for Health Oversight Activities
- Disclosures for Inspection by the Secretary
- Disclosures for Workers Compensation
- Disclosures of Limited Data Sets
4.4(2) Disclosures for Third-Party Judicial or Administrative Proceedings
4.4(3) Non-Routine Uses and Disclosures Requiring Prior Approval:
- Uses and Disclosures for Public Health Activities
- Disclosures for Law Enforcement Purposes
- Uses and Disclosures Due to Imminent Threat to Health or Safety
- Uses and Disclosures Required by Military Authority
- Uses and Disclosures for National Security Activities
- Disclosures to Coroners and Medical Examiners
- Disclosures to Funeral Directors
Section 4.5 Conducting Underwriting Activities
Section 4.6 Research Disclosures and Uses
Section 4.7 Making Notification Disclosures
Section 4.8 Review of Requests for Use or Disclosure Requiring Approval by the Privacy Officer
Section 4.9 Minimum Necessary Standard for Uses and Disclosures of PHI
Section 4.10 Verification of Requestor’s Identity and Authority
Section 4.11 Obtaining and Relying Upon an Authorization
Section 4.12 Personal Representatives
