In some cases, Kaiser Permanente and other health care organizations are required or permitted by law to disclose member/ patient PHI without their written permission. The following are examples of these lawful disclosures. Kaiser Permanente’s policies and procedures provide additional information.
Examples for disclosing information (without member/patient authorization):
- Providers are required to report certain communicable diseases to state health agencies. When members/patients have these diseases, a report must be made even if the member/patient doesn’t want the information
- The Food and Drug Administration requires that certain information about medical devices that break or malfunction be reported.
- Some states require that when physicians or other people providing member/patient care suspect child abuse or domestic violence, they must report it to the police or applicable state
- The courts have the right to order providers to dis- close member/patient PHI in connection with litigation.
- Kaiser Permanente must cooperate with requests from the Secretary of the Department of Health and Human Services to disclose PHI when the Secretary investigates KP’s compliance with the HIPAA Privacy
Any disclosure of PHI that is not for TPO or otherwise authorized by law, must have prior individual authorization by the member/patient or his/her lawfully authorized representative.
Disclosing information to members/patients
Finally, members/patients have the right under HIPAA to request access to their own PHI, and request amendments to it. Refer to Kaiser Permanente’s policy and procedures about handling these requests.