Ensure that patient-related information is not visible to the public, such as on computer screens. What is appropriate for a particular covered entity will depend on the nature of the covered entity's business, as well as the covered entity's size and resources. Covered entities must establish and implement policies and procedures (which may be standard protocols) for routine, recurring disclosures, or requests for disclosures, that limits the protected health information disclosed to that which is the minimum amount reasonably necessary to achieve the purpose of the disclosure. Increased development and use of EHR in the workplace 164.530(d).72 45 C.F.R. Common ownership exists if an entity possesses an ownership or equity interest of five percent or more in another entity; common control exists if an entity has the direct or indirect power significantly to influence or direct the actions or policies of another entity. "Summary health information" is information that summarizes claims history, claims expenses, or types of claims experience of the individuals for whom the plan sponsor has provided health benefits through the group health plan, and that is stripped of all individual identifiers other than five digit zip code (though it need not qualify as de-identified protected health information). The objectives of this paper are to: There are exceptionsa group health plan with less than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity. 45 C.F.R. A health plan may condition enrollment or benefits eligibility on the individual giving authorization, requested before the individual's enrollment, to obtain protected health information (other than psychotherapy notes) to determine the individual's eligibility or enrollment or for underwriting or risk rating. (3) Uses and Disclosures with Opportunity to Agree or Object. De-Identified Health Information. Reasonable Reliance. 164.520(c).53 45 C.F.R. For example, a treatment program would be subject to this . Covered entities may disclose protected health information to funeral directors as needed, and to coroners or medical examiners to identify a deceased person, determine the cause of death, and perform other functions authorized by law.35, Cadaveric Organ, Eye, or Tissue Donation. Many different types of information can identify an individual's PHI under HIPAA, including but not limited to: HOW SHOULD PHI BE USED AND DISCLOSED?
