Your Compliance Edge

Uses and Disclosures of PHI

A covered entity may not use or disclose protected health information (PHI) unless:

  • The Privacy Rule requires the use or disclosure;
  • The Privacy Rule permits the use or disclosure; or
  • The individual who is the subject of the information (or the individual's personal representative) authorizes the use or disclosure in writing.

In addition, a covered entity must make reasonable efforts and implement policies and procedures to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request. This is called the "minimum necessary standard."

Required Disclosures

A covered entity must disclose protected health information in only two situations:

  1. To individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and
  2. To HHS when it is undertaking a compliance investigation or review, or an enforcement action.  

FREE Labor Law Penalties
by Company Size Chart

Alerts you to the penalties associated with key federal laws such as
COBRA and discrimination.



Download HR360


Request a Demo 

or Log In