|
abuse, neglect, domestic violence (HIPAA)
HIPAA's Privacy Rule permits
covered entities to disclose
protected health information
(PHI) about an individual whom the covered entity reasonably
believes to be a victim of abuse, neglect, or domestic violence.
Such disclosures can be made only to government agencies
authorized by law to receive such reports, such as:
- social service or protective services agencies; and
The disclosures must comply with, but also be limited to,
the relevant requirements of such law.
The individual -- or his/her personal
representative -- must agree to the disclosure; or, in
the absence of such agreement, to the extent explicitly authorized
by statute or regulation:
- the covered entity, in the exercise of professional judgment,
must believe the disclosure without agreement is necessary
to prevent serious harm to the individual or other potential
victims; or
- the individual is unable to agree because of incapacity,
and a law enforcement or other public official authorized
to receive the report represents that the PHI for which
disclosure is sought is not intended to be used against
the individual and that an immediate enforcement activity
that depends upon the disclosure would be materially and
adversely affected by waiting until the individual is able
to agree to the disclosure.
A covered entity that makes such a disclosure must promptly
inform the individual that such a report has been or will
be made, except if the covered entity:
- in the exercise of professional judgment, believes informing
the individual would place the individual at risk of serious
harm; or
- would be informing a personal representative, and the
covered entity reasonably believes the personal representative
is responsible for the abuse, neglect, or other injury,
and that informing such person would not be in the best
interests of the individual.
See also:
Last modified:
24-Apr-2006
[RC]
|
