Exceptions do exist to the disclosure regulations prescribed under HIPAA privacy rule. Protected Health Information (PHI), such as an individual’s health care or medical payment records, health status and other information that falls under HIPAA privacy rule, can be disclosed under special circumstances which include:
Disclosure to the individual to whom the records refer to – These should be availed within 30 days of the request
When requested by law – For example, in cases where a child welfare agency suspects the perpetration of child abuse has occurred within a household.
The individual whose records are the subject of disclosure may give authorization – this may occur in cases where the individual is required to undergo a particular operation or where payment for a particular procedure is necessary.
In all of the above instances official source, the records or information requested for disclosure should be provided by the covered entity to such an extent that what is disclosed is just enough to accomplish the intention for which the disclosure was authorized.