 |
| 164.512 |
|
 |
|
|
|
USES AND DISCLOSURES OF PHI FOR WHICH CONSENT,
AUTHORIZATION, OR OPPORTUNITY TO AGREE OR OBJECT IS NOT REQUIRED:
A CE may use or disclose PHI without authorization or the opportunity
to object in situations covered in this section ¶ 9.
|
|
164.512(d) |
|
|
|
|
|
Uses and Disclosures
for Health Oversight Activities: |
|
| |
|
|
|
| |
9.1.1. |
Permitted disclosures: CE may disclose PHI to
a health oversight agency for oversight activities authorized by
law; including audits; civil, administrative, or criminal investigations;
inspections; licensure or disciplinary actions; civil, administrative,
or criminal proceedings or actions; or other activities necessary
for appropriate oversight of:
9.1.1.1. |
The health care
system; |
9.1.1.2. |
Government benefit
programs for which health information is relevant to beneficiary
eligibility; |
9.1.1.3. |
Entities subject to government regulatory
programs for which health information is necessary for determining
compliance with program standards; or
|
9.1.1.4. |
Entities subject to civil rights laws for which health information
is necessary for determining compliance. |
|
| |
9.1.2. |
Exception
to health oversight activities: For purpose of disclosures permitted
pursuant to ¶ 9.1.1., a health oversight activity does not include
an investigation or other activity in which the individual is the
subject of the investigation or activity and the investigation or
other activity does not arise out of and is not directly related to:
9.1.2.1. |
The receipt
of health care; |
9.1.2.2. |
A claim for public benefits related to
health; or
|
9.1.2.3. |
Qualification
for, or receipt of, public benefits or services when a patient's
health is integral to the claim for public benefits or services. |
|
| |
9.1.3. |
Joint
activities or investigations: Notwithstanding ¶ 9.1.2., if a
health oversight activity or investigation is conducted in conjunction
with an oversight activity or investigation relating to a claim for
public benefits not related to health, the joint activity or investigation
is considered a health oversight activity for purposes of ¶ 9.1. |
| |
9.1.4. |
Permitted
uses: If a CE is also a health oversight agency, the CE may use PHI
for health oversight activities as outlined in ¶ 9.1. |
|
164.512(b) |
|
|
|
|
|
Uses and Disclosures
for Public Health Activities: |
|
| |
|
|
|
| |
9.2.1. |
Permitted disclosures:
CE may disclose PHI for public health activities and purposes to:
9.2.1.1. |
A public health
authority authorized by law to collect or receive information
for the purpose of preventing or controlling disease, injury,
or disability, including but not limited to, the reporting of
disease, injury, vital events such as birth or death, and the
conduct of public health surveillance, public health investigations,
and public health interventions; or, at the direction of a public
health authority, to an official of a foreign government agency
that is acting in collaboration with a public health authority; |
9.2.1.2. |
A public health
authority or other government authority authorized by law to
receive reports of child abuse or neglect; |
|
9.2.1.3. |
A person subject to the jurisdiction
of the Food and Drug Administration (FDA) with respect to
an FDA regulated product or activity for which that person
has responsibility, for the purpose of activities related
to the quality, safety or effectiveness of such FDA regulated
product or activity including:
9.2.1.3.1. |
To collect or report adverse events
(or similar activities with respect to food or dietary
supplements), product defects or problems (including
use and labeling problems), or biological product;
|
9.2.1.3.2. |
To track FDA related;
|
|
9.2.1.3.3. |
Enable product recalls, repairs,
or replacement or look back (including locating and
notifying persons who have received products that have
been recalled, withdrawn, or the subject of look back;
or
|
9.2.1.3.4. |
To conduct post-marketing surveillance;
|
|
9.2.1.4. |
A person who may have been exposed to
a communicable disease or may otherwise be at risk of contracting
or spreading a disease or condition, if the CE or public health
authority is authorized by law to notify such person as necessary
in the conduct of a public health intervention or investigation;
or
|
9.2.1.5. |
An employer, about an individual who is a member of the employer's
workforce if:
|
9.2.1.5.1.
|
The CE is a covered health care
provider who is a member of the workforce of such employer
or who provides a health care service to the individual
at the request of the employer to conduct an evaluation
relating to medical surveillance of the workplace; or
evaluate whether the individual has a work-related illness
or injury;
|
|
9.2.1.5.2.
|
The PHI that is disclosed consists
of findings concerning a work-related illness or injury
or a workplace-related medical surveillance;
|
|
9.2.1.5.3.
|
The employer needs such findings
in order to comply with federal or state law to record
such illness or injury or to carry out responsibilities
for workplace medical surveillance; and
|
|
9.2.1.5.4.
|
The provider provides written notice
(directly or posted) to the individual that PHI relating
to the medical surveillance of the workplace and work-related
illness and injuries is disclosed to the employer.
|
|
|
| |
9.2.2. |
Permitted uses: If the CE is also
a public health authority, the CE is permitted to use protected health
information in all cases in which it is permitted to disclose such
information for public health. |
|
| 164.512(a) |
|
|
|
|
|
Uses/Disclosures
Required by Law: CE may use or disclose PHI to the extent such
use/disclosure is required by law and the use/disclosure complies
with and is limited to the relevant requirements of such law. CE must
meet the requirements described in ¶ 9.4 through ¶ 9.6 for
uses/disclosures required by law. |
|
| |
|
|
|
|
| |
|
|
|
|
