X

HHS issues HIPAA guidance on exchange of protected health information without patient consent



February 22, 2016
Area(s) of Interest: HIPAA Licensing & Regulatory Issues Patient Care Patient Privacy 

The U.S. Department of Health and Human Services (HHS) has released two new fact sheets and an accompanying blog series that clarify what health information can be disclosed without a patient's written authorization under the Health Information Portability and Accountability Act (HIPAA).


According to the HHS Office of the National Coordinator for Health IT (ONC), it often hears complaints that HIPAA makes it difficult, if not impossible, to move electronic health data when and where it is needed for patient care and health. What many people don’t realize is that HIPAA not only protects personal health information from misuse, but also enables that personal health information to be accessed, used or disclosed interoperably, when and where it is needed for patient care.


This blog series and fact sheets aim to correct this misunderstanding so that health information is more often available when and where it is needed. They give numerous examples of when electronic health information can be exchanged without first requiring an authorization from the patient, so long as other protections or conditions are met.


Download the fact sheets:



For more information on the permitted uses and disclosures of protected health information under HIPAA as well as California law, see CMA On-Call document #4207 “Requests by Other Third Parties: CMIA, IIPPA and the HIPAA Privacy Rule.” The health law library is free to members in CMA's online resource library. Nonmembers can purchase documents for $2 per page.


For more California Medical Association resources on HIPAA, click here.

Join CMA Today!

Explore why over 43,000 California physicians have joined CMA to advocate for patients, the medical profession and the future of health care.

Was this page helpful?